Attention! Your Windows system has been blocked for security reasons

16.02.2012, 19:38
...new here
Posts: 7

Hi!

I have spent the last two days trying to get my PC clean, unfortunately with only short-lived success. After studying various forums and working through their suggestions I am practically back at square one. Notably, the message is not displayed when I boot the PC without an internet connection. Here is what I have already tried:

- Kaspersky Rescue CD (found quite a bit, unfortunately not the right thing)
- Searched the registry for Safe Mode entries. (Unfortunately did not find the "typical" files. Nothing I could recognise.)
- Had various programs scan the system (Spybot, Malwarebytes, Trojan Killer, SuperAntiSpyware, Avast)

Would be very grateful if someone could help me. I have quite a few logs.

Here are the logs:

DDS

Code

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 1.6.0_26
Run by HOME at 1:39:00 on 2012-02-15
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2046.1270 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
B:\Programme\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
B:\Programme\SuperAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\SearchIndexer.exe
B:\Programme\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
B:\Programme\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title =
mStart Page = hxxp://www.onista.de
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 194.170.28.111:80
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - b:\programme\spybot - search & destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - b:\programme\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - b:\programme\java\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - b:\programme\avast\aswWebRepIE.dll
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Advanced SystemCare 5] "b:\programme\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] b:\programme\superantispyware\SUPERAntiSpyware.exe
uRun: [ccleaner] "b:\programme\ccleaner\CCleaner.exe" /AUTO
uRun: [ffdwnd] c:\users\home\appdata\local\mozilla\firefox\firefox.exe
uRun: [SpybotSD TeaTimer] b:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [avast] "b:\programme\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "b:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\home\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - b:\programme\spybot - search & destroy\SDHelper.dll
Trusted Zone: dab-bank.de\www
Trusted Zone: dshs-koeln.de\www
Trusted Zone: tecis.com\www
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4B28DB98-F63F-44E4-BC3B-D2B0400B3543} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D3A3EF8-429C-4350-876E-941008277236} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - b:\programme\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - b:\programme\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\jwys5alp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comunio.de/team_news.phtml|hxxp://www.onvista.de/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da78dd8&i=23&tp=ab&nt=1&q=
FF - plugin: b:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: b:\programme\adobe\reader\air\nppdf32.dll
FF - plugin: b:\programme\adobe\reader\browser\nppdf32.dll
FF - plugin: b:\programme\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: b:\programme\java\bin\new_plugin\npjp2.dll
FF - plugin: b:\programme\vlc\npvlc.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\users\home\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-8 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-8 608088]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-8 335320]
R1 SASDIFSV;SASDIFSV;b:\programme\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;b:\programme\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;b:\programme\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;b:\programme\iobit\advanced systemcare 5\ASCService.exe [2012-2-1 497496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-8 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-8 57688]
R2 avast! Antivirus;avast! Antivirus;b:\programme\avast\AvastSvc.exe [2011-6-8 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-3 238952]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-2-4 196912]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-17 2214504]
R2 SBSDWSCService;SBSD Security Center Service;b:\programme\spybot - search & destroy\SDWinSec.exe [2012-2-14 1153368]
R2 TomTomHOMEService;TomTomHOMEService;b:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-3 36608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-1-31 30312]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 20464]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-8-11 523264]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-9-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-9-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-9-27 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-1-31 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-1-31 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-1-31 136808]
S3 stusb2ir;USB 2.0 IrDA-Brücke;c:\windows\system32\drivers\stusb2ir.sys [2006-11-2 41728]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-14 23:31:15    --------    d---a-w-    C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z
2012-02-14 22:18:57    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-02-14 09:12:01    6557240    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{fd3693fc-4d51-4f03-97ab-47ae56508f05}\mpengine.dll
2012-02-14 00:10:28    --------    d-----w-    c:\windows\system32\System32
2012-02-13 22:42:01    --------    d-----w-    c:\program files\Hotspot Shield
2012-02-13 22:38:40    --------    d-----w-    c:\users\home\appdata\roaming\tor
2012-02-13 22:25:21    --------    d-----w-    c:\users\home\appdata\roaming\DVDVideoSoft
2012-02-13 11:08:21    231936    ----a-w-    c:\windows\system32\msshsq.dll
2012-02-12 14:06:14    --------    d-----w-    c:\users\home\appdata\roaming\SUPERAntiSpyware.com
2012-02-12 14:06:14    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-02-09 01:43:20    --------    d-----w-    c:\program files\Dropbox
2012-02-03 09:41:29    --------    d-----w-    c:\users\home\appdata\roaming\Dropbox
2012-02-01 22:35:51    21848    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2012-01-31 22:38:43    --------    d-----w-    c:\users\home\appdata\roaming\Temp
2012-01-31 22:35:46    --------    d-----w-    C:\Temp
2012-01-31 22:27:26    --------    d-----w-    c:\users\home\appdata\local\Samsung
2012-01-31 22:23:59    4659712    ----a-w-    c:\windows\system32\Redemption.dll
2012-01-31 22:23:14    821824    ----a-w-    c:\windows\system32\dgderapi.dll
2012-01-31 22:23:14    319456    ----a-w-    c:\windows\system32\DIFxAPI.dll
2012-01-31 22:23:14    20032    ----a-w-    c:\windows\system32\drivers\dgderdrv.sys
2012-01-22 13:04:29    --------    d-----w-    c:\program files\iPod
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2012-02-07 23:12:39    41184    ----a-w-    c:\windows\avastSS.scr
2012-02-07 23:01:10    608088    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2012-02-07 22:59:05    57688    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2012-01-26 23:21:24    237072    ------w-    c:\windows\system32\MpSigStub.exe
2012-01-22 12:12:17    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 14:28:36    16128    ----a-w-    c:\windows\system32\drivers\gtkdrv.sys
2011-12-28 23:57:28    37376    ----a-w-    c:\windows\system32\drivers\hssdrv.sys
2011-12-10 14:24:06    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH:  1:39:25,04 ===============
        
OTL

Code

OTL logfile created on: 15.02.2012 01:55:51 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\HOME\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,03% Memory free
4,23 Gb Paging File | 3,05 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,00 Gb Total Space | 39,74 Gb Free Space | 46,75% Space Free | Partition Type: NTFS

Computer Name: SPERL-FEST | User Name: HOME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\HOME\Desktop\OTL.exe (OldTimer Tools)
PRC - B:\Programme\Firefox\firefox.exe (Mozilla Corporation)
PRC - B:\Programme\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - B:\Programme\Avast\AvastUI.exe (AVAST Software)
PRC - B:\Programme\Avast\AvastSvc.exe (AVAST Software)
PRC - B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - B:\Programme\SuperAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - B:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - B:\Programme\Firefox\mozjs.dll ()
MOD - B:\Programme\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- B:\Programme\Avast\AvastSvc.exe (AVAST Software)
SRV - (TomTomHOMEService) -- B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdvancedSystemCareService5) -- B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (!SASCORE) -- B:\Programme\SuperAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SBSDWSCService) -- B:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASDIFSV) -- B:\Programme\SuperAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- B:\Programme\SuperAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SmartDefragDriver) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (stusb2ir) -- C:\Windows\System32\drivers\stusb2ir.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.onista.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F B0 5D 6A 1B C0 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 194.170.28.111:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.startup.homepage: "hxxp://www.comunio.de/team_news.phtml|hxxp://www.onvista.de/"
FF - prefs.js..keyword.URL: "hxxp://search.avg.com/?d=4da78dd8&i=23&tp=ab&nt=1&q="

FF - user.js..browser.search.openintab: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: B:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: B:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: B:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: B:\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HOME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: B:\Programme\Avast\WebRep\FF [2012.02.14 23:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: B:\Programme\Firefox\components [2012.02.11 17:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: B:\Programme\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: B:\Programme\Firefox\components [2012.02.11 17:27:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: B:\Programme\Firefox\plugins

[2011.02.07 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Extensions
[2011.02.07 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.02 22:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Firefox\Profiles\jwys5alp.default\extensions
[2010.05.05 08:50:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HOME\AppData\Roaming\mozilla\Firefox\Profiles\jwys5alp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.14 23:21:26 | 000,000,000 | ---D | M] (avast! WebRep) -- B:\PROGRAMME\AVAST\WEBREP\FF

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: avast! WebRep = C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - B:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - B:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - B:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - B:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] B:\Programme\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] b:\programme\malwarebytes' anti-malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] B:\Programme\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [ccleaner] B:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [ffdwnd] C:\Users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [SpybotSD TeaTimer] B:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] B:\Programme\SuperAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HOME\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - B:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dab-bank.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: dshs-koeln.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tecis.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B28DB98-F63F-44E4-BC3B-D2B0400B3543}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D3A3EF8-429C-4350-876E-941008277236}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (B:\Programme\SuperAntiSpyware\SASWINLO.DLL) - B:\Programme\SuperAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\HOME\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HOME\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - B:\Programme\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a71ca8f-a231-11e0-9120-0019db4101f5}\Shell - "" = AutoRun
O33 - MountPoints2\{2a71ca8f-a231-11e0-9120-0019db4101f5}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{4e1c9d5b-1f23-11df-a28e-0019db4101f5}\Shell\AutoRun\command - "" = J:\setup.EXE
O33 - MountPoints2\{7178755b-f81b-11de-bb22-0019db4101f5}\Shell - "" = AutoRun
O33 - MountPoints2\{7178755b-f81b-11de-bb22-0019db4101f5}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{f88e15f6-12b1-11e0-be26-0019db4101f5}\Shell\AutoRun\command - "" = J:\sources\sperr32.exe x64
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.15 01:53:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\HOME\Desktop\OTL.exe
[2012.02.15 01:11:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\HOME\Desktop\dds.com
[2012.02.15 00:31:15 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z
[2012.02.14 23:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.02.14 23:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.02.14 14:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.02.14 01:10:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2012.02.13 23:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012.02.13 23:38:40 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\tor
[2012.02.13 23:25:21 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\DVDVideoSoft
[2012.02.13 12:08:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012.02.13 03:01:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2012.02.13 03:01:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2012.02.13 03:01:27 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2012.02.13 03:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2012.02.13 03:01:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2012.02.13 03:01:26 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2012.02.13 03:01:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012.02.13 03:01:26 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2012.02.13 03:01:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012.02.13 03:01:26 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2012.02.13 03:01:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2012.02.13 03:01:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2012.02.13 03:01:25 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2012.02.13 03:01:25 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2012.02.13 03:01:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2012.02.13 03:01:25 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012.02.13 03:01:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2012.02.13 03:01:24 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2012.02.13 03:01:24 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012.02.13 03:01:24 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012.02.13 03:01:24 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012.02.13 03:01:24 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012.02.13 03:01:24 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012.02.12 16:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.02.12 15:06:14 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\SUPERAntiSpyware.com
[2012.02.12 15:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.02.11 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2012.02.09 02:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.02.07 01:26:01 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Diplomarbeit
[2012.02.07 00:27:15 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Dokumente
[2012.02.07 00:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Desktopordner
[2012.02.03 10:44:02 | 000,000,000 | R--D | C] -- C:\Users\HOME\Desktop\Dropbox
[2012.02.03 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.02.03 10:41:29 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Dropbox
[2012.02.01 23:35:51 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012.02.01 23:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012.01.31 23:38:43 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Temp
[2012.01.31 23:35:46 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.31 23:27:26 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Local\Samsung
[2012.01.31 23:25:57 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2012.01.31 23:25:57 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01005.dll
[2012.01.31 23:25:57 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2012.01.31 23:25:57 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2012.01.31 23:25:57 | 000,030,312 | ---- | C] (Google Inc) -- C:\Windows\System32\drivers\ssadadb.sys
[2012.01.31 23:25:57 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2012.01.31 23:25:57 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2012.01.31 23:25:57 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2012.01.31 23:25:57 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2012.01.31 23:25:57 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2012.01.31 23:25:43 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
[2012.01.31 23:25:43 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
[2012.01.31 23:25:43 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
[2012.01.31 23:25:43 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
[2012.01.31 23:25:43 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
[2012.01.31 23:25:43 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
[2012.01.31 23:25:43 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
[2012.01.31 23:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.01.31 23:23:59 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.01.31 23:23:14 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.01.31 23:23:14 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2012.01.31 23:23:14 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.01.22 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.22 14:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.22 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.22 13:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012.02.15 01:55:53 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E55A29B6-8FBF-4949-84D5-1522A89526D7}.job
[2012.02.15 01:53:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HOME\Desktop\OTL.exe
[2012.02.15 01:50:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.15 01:30:30 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.15 01:30:30 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.15 01:30:30 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.15 01:30:30 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.15 01:25:56 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 01:25:39 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.15 01:25:39 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.15 01:25:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.15 01:16:15 | 000,000,020 | ---- | M] () -- C:\Users\HOME\defogger_reenable
[2012.02.15 01:11:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\HOME\Desktop\dds.com
[2012.02.15 01:09:54 | 000,050,477 | ---- | M] () -- C:\Users\HOME\Desktop\Defogger.exe
[2012.02.15 00:31:02 | 000,001,356 | ---- | M] () -- C:\Users\HOME\AppData\Local\d3d9caps.dat
[2012.02.14 23:21:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.02.14 23:19:14 | 000,000,836 | ---- | M] () -- C:\Users\HOME\Desktop\Spybot - Search & Destroy.lnk
[2012.02.14 14:46:02 | 000,000,731 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.02.14 11:15:55 | 000,000,775 | ---- | M] () -- C:\Users\HOME\Desktop\Free YouTube to MP3 Converter.lnk
[2012.02.14 11:13:32 | 000,000,717 | ---- | M] () -- C:\Users\HOME\Desktop\Free YouTube Download.lnk
[2012.02.14 00:45:37 | 000,000,631 | ---- | M] () -- C:\Users\HOME\Desktop\mp3DirectCut.lnk
[2012.02.14 00:44:46 | 000,288,008 | ---- | M] () -- C:\Users\HOME\Desktop\mp3DC215.exe
[2012.02.13 23:25:25 | 000,001,675 | ---- | M] () -- C:\Users\HOME\Desktop\Free Video to MP3 Converter.lnk
[2012.02.13 22:57:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.02.13 12:08:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012.02.12 22:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012.02.12 16:08:37 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.11 17:54:05 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2012.02.09 02:46:34 | 000,000,902 | ---- | M] () -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.09 02:46:33 | 000,000,922 | ---- | M] () -- C:\Users\HOME\Desktop\Dropbox.lnk
[2012.02.08 00:12:39 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.02.08 00:12:32 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.02.08 00:01:10 | 000,608,088 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.02.08 00:01:01 | 000,335,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.02.07 23:59:17 | 000,035,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.02.07 23:59:13 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.02.07 23:59:05 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.02.07 23:58:55 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.02.05 14:56:23 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.03 18:25:51 | 000,158,208 | ---- | M] () -- C:\Users\HOME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.01 23:20:57 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012.02.01 14:55:00 | 000,400,498 | ---- | M] () -- C:\Users\HOME\Documents\Sperling Auswertung.rar
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.25 14:32:15 | 000,048,712 | ---- | M] () -- C:\Users\HOME\Desktop\1992 - 2012.jpg
[2012.01.25 14:31:20 | 000,050,450 | ---- | M] () -- C:\Users\HOME\Desktop\1982 - 2012.jpg
[2012.01.25 14:30:40 | 000,049,141 | ---- | M] () -- C:\Users\HOME\Desktop\1972 - 2012.jpg
[2012.01.25 14:30:10 | 000,047,785 | ---- | M] () -- C:\Users\HOME\Desktop\2002 - 2012.jpg
[2012.01.22 13:12:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012.02.15 01:16:03 | 000,000,020 | ---- | C] () -- C:\Users\HOME\defogger_reenable
[2012.02.15 01:09:57 | 000,050,477 | ---- | C] () -- C:\Users\HOME\Desktop\Defogger.exe
[2012.02.14 23:19:14 | 000,000,836 | ---- | C] () -- C:\Users\HOME\Desktop\Spybot - Search & Destroy.lnk
[2012.02.14 14:46:02 | 000,000,731 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.02.14 11:15:55 | 000,000,775 | ---- | C] () -- C:\Users\HOME\Desktop\Free YouTube to MP3 Converter.lnk
[2012.02.14 11:13:32 | 000,000,717 | ---- | C] () -- C:\Users\HOME\Desktop\Free YouTube Download.lnk
[2012.02.14 00:45:37 | 000,000,631 | ---- | C] () -- C:\Users\HOME\Desktop\mp3DirectCut.lnk
[2012.02.14 00:44:45 | 000,288,008 | ---- | C] () -- C:\Users\HOME\Desktop\mp3DC215.exe
[2012.02.13 23:25:25 | 000,001,675 | ---- | C] () -- C:\Users\HOME\Desktop\Free Video to MP3 Converter.lnk
[2012.02.13 22:57:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.02.13 03:01:30 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.02.13 03:01:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.02.13 03:01:26 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.02.12 16:08:37 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.05 14:56:23 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.03 10:44:02 | 000,000,922 | ---- | C] () -- C:\Users\HOME\Desktop\Dropbox.lnk
[2012.02.03 10:42:28 | 000,000,902 | ---- | C] () -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.01 23:20:57 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012.02.01 14:55:00 | 000,400,498 | ---- | C] () -- C:\Users\HOME\Documents\Sperling Auswertung.rar
[2012.01.25 14:32:15 | 000,048,712 | ---- | C] () -- C:\Users\HOME\Desktop\1992 - 2012.jpg
[2012.01.25 14:31:20 | 000,050,450 | ---- | C] () -- C:\Users\HOME\Desktop\1982 - 2012.jpg
[2012.01.25 14:30:40 | 000,049,141 | ---- | C] () -- C:\Users\HOME\Desktop\1972 - 2012.jpg
[2012.01.25 14:30:10 | 000,047,785 | ---- | C] () -- C:\Users\HOME\Desktop\2002 - 2012.jpg
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.09.27 23:37:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.06.17 10:48:20 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.17 10:48:20 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.08 00:08:26 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011.06.08 00:08:26 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.04.19 21:05:05 | 000,001,356 | ---- | C] () -- C:\Users\HOME\AppData\Local\d3d9caps.dat
[2011.04.02 16:54:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.10 05:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2011.02.06 23:37:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.02 16:13:50 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010.10.03 20:35:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.10.03 20:35:24 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.20 00:23:53 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.09.18 08:38:40 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.09.18 08:38:40 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.09.18 08:38:40 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.03.27 18:14:41 | 000,000,058 | ---- | C] () -- C:\Users\HOME\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.01.11 17:29:14 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.01.11 17:29:14 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.01.03 04:54:24 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2010.01.01 14:51:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.01.01 14:51:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.12.20 19:05:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.12.19 15:15:21 | 000,158,208 | ---- | C] () -- C:\Users\HOME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.19 11:50:10 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.01.21 08:15:58 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,127,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.02.22 16:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007.02.22 16:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,281,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:42 | 000,041,728 | ---- | C] () -- C:\Windows\System32\drivers\stusb2ir.sys
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z:1

< End of report >
        
16.02.2012, 19:40
...new here

Thread starter

Posts: 7
#2 I have now also run a scan with the Kaspersky TDSSKiller and it found something. Unfortunately I can't copy the report file - for whatever reason. There are two hits:

Unsigned file
Service: FsUsbExDisk
Suspicious object, medium risk
Service type: Kernel driver (0x1)
Service start: Demand (0x3)
File: C:\Windows\system32\FsUsbExDisk.SYS
MD5: cbe5f69a5e5b918225f420a748f3742

and

Unsigned file
Service: StarOpen
Suspicious object, medium risk
Service type: File system driver (0x2)
Service start: System (0x1)
File: C:\Windows\system32\drivers\StarOpen.sys
MD5: 306521935042fc0a6988d528643619b3
16.02.2012, 19:46
...new here

Thread starter

Posts: 7
#3

Code

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-15 15:53:49
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAD
Running: gmer.exe; Driver: C:\Users\HOME\AppData\Local\Temp\fgryrpoc.sys


---- System - GMER 1.0.15 ----

SSDT     8A5744AE                                                                                                                                     ZwCreateSection
SSDT     8A5744B8                                                                                                                                     ZwRequestWaitReplyPort
SSDT     8A5744B3                                                                                                                                     ZwSetContextThread
SSDT     8A5744BD                                                                                                                                     ZwSetSecurityObject
SSDT     8A5744C2                                                                                                                                     ZwSystemDebugControl
SSDT     \??\B:\Programme\SuperAntiSpyware\SASKUTIL.SYS                                                                                               ZwTerminateProcess [0x8D3C2640]

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!KeSetTimerEx + 448                                                                                                              826CCA6C 4 Bytes  [AE, 44, 57, 8A]
.text    ntkrnlpa.exe!KeSetTimerEx + 76C                                                                                                              826CCD90 4 Bytes  [B8, 44, 57, 8A]
.text    ntkrnlpa.exe!KeSetTimerEx + 7A0                                                                                                              826CCDC4 4 Bytes  [B3, 44, 57, 8A]
.text    ntkrnlpa.exe!KeSetTimerEx + 804                                                                                                              826CCE28 4 Bytes  [BD, 44, 57, 8A]
.text    ntkrnlpa.exe!KeSetTimerEx + 84C                                                                                                              826CCE70 4 Bytes  [C2, 44, 57, 8A]
.text    ...                                                                                                                                          
?        system32\DRIVERS\avkmgr.sys                                                                                                                  Das System kann den angegebenen Pfad nicht finden. !
.text    C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                       section is writeable [0x9BFAC300, 0x3ACC8, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                       section is writeable [0x9BFEF300, 0x1B7E, 0xE8000020]

---- Processes - GMER 1.0.15 ----

Process   (*** hidden *** )                                                                                                                           -2106530728                                            
Process   (*** hidden *** )                                                                                                                           -2077734056                                            
Process   (*** hidden *** )                                                                                                                           -2077733376                                            
Process   (*** hidden *** )                                                                                                                           -2072375112                                            
Process   (*** hidden *** )                                                                                                                           -2072291256                                            
Process   (*** hidden *** )                                                                                                                           -2071781888                                            
Process   (*** hidden *** )                                                                                                                           -2071733216                                            
Process   (*** hidden *** )                                                                                                                           -2071665216                                            
Process   (*** hidden *** )                                                                                                                           -2034721440                                            
Process   (*** hidden *** )                                                                                                                           -2034594752                                            
Process   (*** hidden *** )                                                                                                                           -2034462536                                            
Process   (*** hidden *** )                                                                                                                           -2034461224                                            
Process   (*** hidden *** )                                                                                                                           -2034459832                                            
Process   (*** hidden *** )                                                                                                                           -2034452336                                            
Process   (*** hidden *** )                                                                                                                           -2034241352                                            
Process   (*** hidden *** )                                                                                                                           -2034237952                                            
Process   (*** hidden *** )                                                                                                                           -2034195080                                            
Process   (*** hidden *** )                                                                                                                           -2034188104                                            
Process   (*** hidden *** )                                                                                                                           -2034168472                                            
Process   (*** hidden *** )                                                                                                                           -2034143048                                            
Process   (*** hidden *** )                                                                                                                           -2034139648                                            
Process   (*** hidden *** )                                                                                                                           -2034119168                                            
Process   (*** hidden *** )                                                                                                                           -2034003784                                            
Process   (*** hidden *** )                                                                                                                           -2033935400                                            
Process   (*** hidden *** )                                                                                                                           -2033900792                                            
Process   (*** hidden *** )                                                                                                                           -2033880904                                            
Process   (*** hidden *** )                                                                                                                           -2033569608                                            
Process   (*** hidden *** )                                                                                                                           -2033556752                                            
Process   (*** hidden *** )                                                                                                                           -2033480360                                            
Process   (*** hidden *** )                                                                                                                           -2031390536                                            

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources                                                                          MSDMine?DfSdk
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                          0xD4 0xC3 0x97 0x02 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                       0x98 0x0C 0xA8 0xB9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                 0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0x1B 0xBE 0xBC 0x03 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                              
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                         0xB9 0xF1 0xC6 0xA2 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\Eventlog\Application@Sources                                                                              MSDMine?DfSdk
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                        
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                              C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                              0xD4 0xC3 0x97 0x02 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                           0x98 0x0C 0xA8 0xB9 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                     0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                  0x1B 0xBE 0xBC 0x03 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                          
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                             0xB9 0xF1 0xC6 0xA2 ...
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@                              Folder Redirection
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx          ProcessGroupPolicyEx
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName                       fdeploy.dll
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy               1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink                    1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings          1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges              0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy            0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy           GenerateGroupPolicy
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources                  (Folder Redirection,Application)?
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DisplayName                   @fdeploy.dll,-261
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@                              Microsoft Disk Quota
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DisplayName                   @%SystemRoot%\System32\dskquota.dll,-100
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy               0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy                  1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink                    1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy            1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges              1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings          0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry    1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing  0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName                       %SystemRoot%\System32\dskquota.dll
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy            ProcessGroupPolicy
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@                              QoS Packet Scheduler
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DisplayName                   @gptext.dll,-201
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy            ProcessPSCHEDPolicy
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName                       gptext.dll
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy                  1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges              1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@                              Windows Search Group Policy Extension
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@DllName                       %SystemRoot%\System32\srchadmin.dll
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@EnableAsynchronousProcessing  1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@NoBackgroundPolicy            0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@NoGPOListChanges              1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@NoMachinePolicy               0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@NoSlowLink                    0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@NoUserPolicy                  0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@PerUserLocalSettings          0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@ProcessGroupPolicy            ProcessGroupPolicy
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}@RequiresSuccessfulRegistry    1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@                              IP Security
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicyEx          ProcessIPSECPolicyEx
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@GenerateGroupPolicy           GenerateIPSECPolicy
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName                       %SystemRoot%\System32\polstore.dll
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy                  1
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges              0
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DisplayName                   @C:\Windows\system32\polstore.dll,-5012
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}@                              Enterprise QoS
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}@DisplayName                   @gptext.dll,-203
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}@ProcessGroupPolicy            ProcessEQoSPolicy
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}@DllName                       gptext.dll
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}@RequiresSuccessfulRegistry    1
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                           0xC8 0x28 0x51 0xAF ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                           0x6A 0x9C 0xD6 0x61 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                           0x7A 0x45 0x05 0xFD ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                           0x3E 0x1E 0x9E 0xE0 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                           0xF5 0x1D 0x4D 0x73 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                           0xDF 0x20 0x58 0x62 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                           0x31 0x77 0xE1 0xBA ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                           0x83 0x6C 0x56 0x8B ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                           0x51 0xFA 0x6E 0x91 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                           0x3D 0xCE 0xEA 0x26 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                           0x2A 0xB7 0xCC 0xB5 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                            
Reg      HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                             Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                           C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                           0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File     C:\Users\HOME\AppData\Local\Temp\~DFF41F.tmp                                                                                                 16384 bytes
File     C:\Users\HOME\AppData\Local\Temp\~DFF426.tmp                                                                                                 512 bytes

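The GMER output above is dense and the interesting lines are easy to miss, so here is a small triage parser for the GMER 1.0.15 log format. This is an added example, not part of the original post and not GMER's own code. It turns the `Process`, `Reg` and `File` lines into records, converts GMER's signed-decimal process object addresses back to 32-bit hex, splits `Key@Value` registry paths, notes keys from a non-current ControlSet, and groups the registry hits by the service, CLSID or GP extension they live under, so that, for instance, the `sptd` entries (whose own `@p0` data names the DAEMON Tools Lite directory) are counted together instead of read one by one. The sample lines are constructed from the log quoted above; the "Processes" section header is assumed, since only the Registry and Files headers appear in the excerpt.

```python
"""Parse GMER 1.0.15 rootkit-scan output into records for triage.

Added example, not part of the original forum post and not GMER's own code.
GMER prints one record per line: a type column (Process / Reg / File / ...),
a name or path column, and an optional data column, separated by runs of
two or more spaces. Single spaces inside paths ("DAEMON Tools Lite") are
therefore safe to keep.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample shaped like the GMER log quoted in this thread (a few
# representative lines, not the full log). The "Processes" section header is
# assumed; only the Registry and Files headers appear in the quoted excerpt.
SAMPLE_GMER_LOG = r"""
---- Processes - GMER 1.0.15 ----

Process   (*** hidden *** )                                        -2036447256
Process   (*** hidden *** )                                        -2031390536

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources      MSDMine?DfSdk
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0      C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0      0xD4 0xC3 0x97 0x02 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@      C:\Windows\system32\OLE32.DLL

---- Files - GMER 1.0.15 ----

File     C:\Users\HOME\AppData\Local\Temp\~DFF41F.tmp      16384 bytes
File     C:\Users\HOME\AppData\Local\Temp\~DFF426.tmp      512 bytes
"""

INACTIVE_SUFFIX = " (not active ControlSet)"


@dataclass
class GmerRecord:
    kind: str                          # "Process", "Reg" or "File"
    name: str                          # process name, registry key or file path
    value: Optional[str] = None        # registry value name; "" is the default value
    data: Optional[str] = None         # data column as printed (hex address for processes)
    size: Optional[int] = None         # file size in bytes for File records
    hidden: bool = False               # GMER's "(*** hidden *** )" marker
    inactive_controlset: bool = False  # key lives in a ControlSet that is not current


def signed32_to_hex(n: int) -> str:
    """GMER prints 32-bit kernel object addresses as signed decimals; recover the hex form."""
    return f"0x{n & 0xFFFFFFFF:08X}"


def parse_gmer(text: str) -> list[GmerRecord]:
    records: list[GmerRecord] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and "---- Section - GMER x.y.z ----" headers
        cols = re.split(r"\s{2,}", line)
        kind = cols[0]
        if kind == "Process":
            # cols: ["Process", "(*** hidden *** )" or image path, "<signed address>"]
            addr = signed32_to_hex(int(cols[2])) if len(cols) > 2 else None
            records.append(GmerRecord(kind, cols[1], data=addr, hidden="hidden" in cols[1]))
        elif kind == "Reg":
            path = cols[1]
            inactive = path.endswith(INACTIVE_SUFFIX)
            if inactive:
                path = path[: -len(INACTIVE_SUFFIX)]
            # "Key@Value" names a value; "Key@" is the default value; no "@" is the key itself.
            key, value = path.rsplit("@", 1) if "@" in path else (path, None)
            records.append(GmerRecord(kind, key, value=value,
                                      data=cols[2] if len(cols) > 2 else None,
                                      inactive_controlset=inactive))
        elif kind == "File":
            m = re.fullmatch(r"(\d+) bytes", cols[2]) if len(cols) > 2 else None
            records.append(GmerRecord(kind, cols[1], size=int(m.group(1)) if m else None))
    return records


def registry_root(key: str) -> str:
    """Reduce a key to the service, CLSID or GP extension it belongs to."""
    m = re.search(r"\\(Services|CLSID|GPExtensions)\\([^\\]+)", key)
    return m.group(2) if m else key


def summarize(records: list[GmerRecord]) -> dict:
    """Collapse the record list into the few numbers an analyst reads first."""
    hidden = [r.data for r in records if r.kind == "Process" and r.hidden]
    reg = [r for r in records if r.kind == "Reg"]
    by_root: dict[str, int] = {}
    for r in reg:
        by_root[registry_root(r.name)] = by_root.get(registry_root(r.name), 0) + 1
    return {
        "hidden_processes": hidden,
        "registry_by_root": by_root,
        # Values GMER could only print as raw bytes ("0xD4 0xC3 ...").
        "binary_registry_values": sum(1 for r in reg if r.data and r.data.startswith("0x")),
        "files": {r.name: r.size for r in records if r.kind == "File"},
    }


if __name__ == "__main__":
    for k, v in summarize(parse_gmer(SAMPLE_GMER_LOG)).items():
        print(f"{k}: {v}")
```

Run it as a script to print the summary, or feed a saved GMER log to `parse_gmer` instead of the sample. The recovered process addresses all land above 0x80000000, i.e. in 32-bit kernel space, which is where the objects GMER enumerates live; the parser does not decide whether a hidden process or a hidden key is malicious, it only makes the list short enough to reason about.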
16.02.2012, 20:32
Moderator

Posts: 5694
#4 Welcome to the Protecus Forum

A clean-up can involve a lot of work on your part.
• Please work through all the steps in order.
• Read the instructions carefully. If there are problems, stop and describe them here as well as you can.
• Only run scans that a helper has asked you to run.
• No crossposting (posting in several forums), please.
• Do not install or uninstall any software during the clean-up unless you are asked to.
Read the instructions through completely first. If anything is unclear, ask before you begin.
• Post the log files directly in your thread. Do not attach them unless I ask you to; attachments make the analysis harder for me.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest route.
If you decide on a clean-up, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the Desktop
• Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system-tray icon. Otherwise these programs might interfere with our tools while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections around today, it is strongly recommended to have the Recovery Console installed on the PC before any malware removal is carried out.
• Follow the prompts to let ComboFix download and install the Recovery Console, and accept the licence agreement (EULA) when asked.
**For information: if the Recovery Console is already installed, ComboFix will simply continue with its normal malware-removal procedure.

Once the Recovery Console has been installed by ComboFix, you should see the following message:

Click "Yes" to continue with the malware scan.

When ComboFix has finished, it will produce a log. Please include C:\ComboFix.txt in your next reply.
16.02.2012, 21:46
...new here

Thread starter

Posts: 7
#5

Code

ComboFix 12-02-16.02 - HOME 16.02.2012  21:39:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2046.1142 [GMT 1:00]
Running from: c:\users\HOME\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\spsys.log
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
(((((((((((((((((((((((   Files Created from 2012-01-16 to 2012-02-16  ))))))))))))))))))))))))))))))
.
.
2012-02-15 15:01 . 2012-02-15 15:01    --------    d-----w-    c:\program files\ESET
2012-02-15 12:47 . 2012-02-15 12:47    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-14 23:55 . 2012-02-14 23:56    --------    d-----w-    c:\users\Admin
2012-02-14 22:18 . 2012-02-15 09:20    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-02-14 09:12 . 2012-01-06 04:19    6557240    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD3693FC-4D51-4F03-97AB-47AE56508F05}\mpengine.dll
2012-02-13 22:42 . 2012-02-13 22:42    --------    d-----w-    c:\program files\Hotspot Shield
2012-02-13 22:38 . 2012-02-13 22:38    --------    d-----w-    c:\users\HOME\AppData\Roaming\tor
2012-02-13 22:25 . 2012-02-14 10:16    --------    d-----w-    c:\users\HOME\AppData\Roaming\DVDVideoSoft
2012-02-13 11:08 . 2012-02-13 11:08    231936    ----a-w-    c:\windows\system32\msshsq.dll
2012-02-12 14:06 . 2012-02-12 14:06    --------    d-----w-    c:\users\HOME\AppData\Roaming\SUPERAntiSpyware.com
2012-02-12 14:06 . 2012-02-12 14:06    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-02-09 01:43 . 2012-02-09 01:43    --------    d-----w-    c:\program files\Dropbox
2012-02-03 09:41 . 2012-02-16 14:16    --------    d-----w-    c:\users\HOME\AppData\Roaming\Dropbox
2012-02-01 22:35 . 2011-12-30 16:02    21848    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2012-01-31 22:35 . 2012-01-31 22:35    --------    d-----w-    C:\Temp
2012-01-31 22:27 . 2012-02-14 08:56    --------    d-----w-    c:\users\HOME\AppData\Local\Samsung
2012-01-31 22:23 . 2011-12-23 19:58    4659712    ----a-w-    c:\windows\system32\Redemption.dll
2012-01-31 22:23 . 2011-12-23 19:58    821824    ----a-w-    c:\windows\system32\dgderapi.dll
2012-01-31 22:23 . 2011-12-23 19:58    319456    ----a-w-    c:\windows\system32\DIFxAPI.dll
2012-01-31 22:23 . 2011-12-23 19:58    20032    ----a-w-    c:\windows\system32\drivers\dgderdrv.sys
2012-01-22 13:04 . 2012-01-22 13:04    --------    d-----w-    c:\program files\iPod
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-22 12:58 . 2012-01-22 12:59    --------    d-----w-    c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2011-06-07 22:32    237072    ------w-    c:\windows\system32\MpSigStub.exe
2012-01-22 12:12 . 2011-05-19 07:39    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 14:28 . 2012-01-04 14:28    16128    ----a-w-    c:\windows\system32\drivers\gtkdrv.sys
2011-12-28 23:57 . 2011-12-28 23:57    37376    ----a-w-    c:\windows\system32\drivers\hssdrv.sys
2011-12-23 19:58 . 2011-12-23 19:58    90112    ----a-w-    c:\windows\MAMCityDownload.ocx
2011-12-23 19:58 . 2011-12-23 19:58    325552    ----a-w-    c:\windows\MASetupCaller.dll
2011-12-23 19:58 . 2011-12-23 19:58    30568    ----a-w-    c:\windows\MusiccityDownload.exe
2011-12-23 19:58 . 2011-12-23 19:58    974848    ----a-w-    c:\windows\system32\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58    81920    ----a-w-    c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58    65536    ----a-w-    c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58    57344    ----a-w-    c:\windows\system32\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58    57344    ----a-w-    c:\windows\system32\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58    57344    ----a-w-    c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58    569344    ----a-w-    c:\windows\system32\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58    491520    ----a-w-    c:\windows\system32\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58    49152    ----a-w-    c:\windows\system32\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58    45056    ----a-w-    c:\windows\system32\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58    45056    ----a-w-    c:\windows\system32\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58    40960    ----a-w-    c:\windows\system32\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58    40960    ----a-w-    c:\windows\system32\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58    352256    ----a-w-    c:\windows\system32\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58    258048    ----a-w-    c:\windows\system32\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58    245760    ----a-w-    c:\windows\system32\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58    24576    ----a-w-    c:\windows\system32\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58    200704    ----a-w-    c:\windows\system32\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58    172032    ----a-w-    c:\windows\system32\muzapp.exe
2011-12-23 19:58 . 2011-12-23 19:58    155648    ----a-w-    c:\windows\system32\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58    143360    ----a-w-    c:\windows\system32\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58    135168    ----a-w-    c:\windows\system32\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58    131072    ----a-w-    c:\windows\system32\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58    122880    ----a-w-    c:\windows\system32\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58    118784    ----a-w-    c:\windows\system32\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58    110592    ----a-w-    c:\windows\system32\muzmp4sp.ax
2011-12-10 14:24 . 2011-06-08 08:26    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\HOME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\HOME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\HOME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="b:\programme\SuperAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
"ffdwnd"="c:\users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe" [2008-10-29 60928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
.
c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HOME\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-8 26502952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "b:\programme\SuperAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54    551296    ----a-w-    b:\programme\SuperAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;b:\programme\SuperAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;b:\programme\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{E55A29B6-8FBF-4949-84D5-1522A89526D7}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://www.onista.de
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 194.170.28.111:80
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: dab-bank.de\www
Trusted Zone: dshs-koeln.de\www
Trusted Zone: tecis.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\jwys5alp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comunio.de/team_news.phtml|http://www.onvista.de/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da78dd8&i=23&tp=ab&nt=1&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Half-Life - c:\windows\IsUn0407.exe
AddRemove-01_Simmental - b:\programme\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - b:\programme\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - b:\programme\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - b:\programme\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - b:\programme\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - b:\programme\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - b:\programme\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - b:\programme\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - b:\programme\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - b:\programme\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - b:\programme\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - b:\programme\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - b:\programme\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - b:\programme\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - b:\programme\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - b:\programme\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - b:\programme\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - b:\programme\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - b:\programme\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 21:44
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-16  21:46:13
ComboFix-quarantined-files.txt  2012-02-16 20:46
.
Vor Suchlauf: 9 Verzeichnis(se), 34.112.245.760 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 34.094.141.440 Bytes frei
.
- - End Of File - - C08BBD784C0A209043C6FAC1B6E228DF
16.02.2012, 22:33
Moderator

Posts: 5694
#6 Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Never apply it to other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com -
ForoSpyware.com
and save it on the desktop again (nowhere else, that is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.

Code


File::
c:\users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ffdwnd"=-


Save this as CFScript.txt on your desktop.

Important:
• Temporarily disable your antivirus software. It can otherwise interfere with ComboFix's work.
Don't forget to turn it back on afterwards!
• Do not move the mouse over the ComboFix window or click inside it.
This can cause ComboFix to hang.
• Close all running programs. Make sure ComboFix can work unhindered.
• Do nothing on the PC while ComboFix is running.


• As shown in the picture above, drag CFScript.txt onto ComboFix.exe
• When ComboFix has finished, it will create a log, C:\ComboFix.txt.
Please post it here as a reply.



How is the system running?
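The value the CFScript above removes, a firefox.exe auto-started from the HKCU Run key out of the user's AppData\Local folder, is the kind of autostart that a triage pass over the log can surface on its own. The following script is an added example (not ComboFix's code and not from anyone in this thread): it parses the Run keys from the "Autostartpunkte der Registrierung" block, constructed here from the log posted above, and flags values whose executable sits in a user-writable directory or borrows a well-known program name outside that program's usual install path; both directory lists are assumptions for this example.

```python
"""Triage of autostart entries in a ComboFix log.

Added example, not ComboFix's own code: it reads the "Autostartpunkte der
Registrierung" block, collects every "name"="path" value under a Run key and
flags values that run from a user-writable directory or borrow a well-known
program name outside that program's normal install directory.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the exact shape ComboFix prints the Run keys; the
# values are the ones that appear in the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="b:\programme\SuperAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
"ffdwnd"="c:\users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe" [2008-10-29 60928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
.
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?$'
)

# Lower-case path fragments of directories an unprivileged user can write to.
# A program auto-starting from here deserves a closer look; this is a triage
# heuristic, not a verdict (assumed list for this example).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Binaries whose name is commonly borrowed, mapped to path fragments where the
# genuine file normally lives (assumed values for this example).
EXPECTED_HOME = {
    "firefox.exe": ("\\mozilla firefox\\",),
    "iexplore.exe": ("\\internet explorer\\",),
    "svchost.exe": ("\\windows\\system32\\", "\\windows\\syswow64\\"),
}


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_run_entries(log_text: str) -> List[AutostartEntry]:
    """Collect the values of every Run/RunOnce key in the log."""
    entries: List[AutostartEntry] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or current_key is None:
            continue
        if not current_key.lower().endswith(("\\run", "\\runonce")):
            continue
        size = value_match.group("size")
        entries.append(AutostartEntry(
            key=current_key,
            name=value_match.group("name"),
            path=value_match.group("path"),
            date=value_match.group("date"),
            size=int(size) if size else None,
        ))
    return entries


def assess(entry: AutostartEntry) -> AutostartEntry:
    """Attach one reason per heuristic the entry trips."""
    lowered = entry.path.lower()
    if any(fragment in lowered for fragment in USER_WRITABLE):
        entry.reasons.append("executable lives in a user-writable directory")
    base = ntpath.basename(lowered)
    homes = EXPECTED_HOME.get(base)
    if homes and not any(home in lowered for home in homes):
        entry.reasons.append(f"{base} is outside its usual install directory")
    return entry


def triage(log_text: str) -> List[AutostartEntry]:
    return [assess(entry) for entry in parse_run_entries(log_text)]


def flagged(log_text: str) -> List[AutostartEntry]:
    return [entry for entry in triage(log_text) if entry.suspicious]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        label = "SUSPECT" if entry.suspicious else "ok"
        print(f"{label:<8}{entry.name:<22}{entry.path}")
        for reason in entry.reasons:
            print(f"        - {reason}")
```

On the sample, only the ffdwnd value trips both heuristics, while the SuperAntiSpyware and Canon values pass; a hit is a prompt to look at the file (signature, size, date), not a removal decision.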
16.02.2012, 23:35
...new here

Thread starter

Posts: 7
#7 The things that exist. You drag a text file onto an exe and off it goes. You never stop learning. :-)

I'm working here in parallel on my notebook, because the problem always comes up when I start my desktop PC with the internet connection. Once I have posted the log I will restart with internet and have a look.

So where was the thing hiding, or rather, what did "we" just do? How do you see where the problem was? I'd be interested to know. Many thanks in advance.

Here is the log:

Code

ComboFix 12-02-16.02 - HOME 16.02.2012  23:26:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2046.1076 [GMT 1:00]
ausgeführt von:: F:\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\HOME\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe
c:\windows\system32\GroupPolicy\Machine\Registry.pol
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-16 bis 2012-02-16  ))))))))))))))))))))))))))))))
.
.
2012-02-16 22:31 . 2012-02-16 22:32    --------    d-----w-    c:\users\HOME\AppData\Local\temp
2012-02-16 22:31 . 2012-02-16 22:31    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2012-02-16 22:31 . 2012-02-16 22:31    --------    d-----w-    c:\users\Gast\AppData\Local\temp
2012-02-16 22:31 . 2012-02-16 22:31    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-02-15 15:01 . 2012-02-15 15:01    --------    d-----w-    c:\program files\ESET
2012-02-15 12:47 . 2012-02-15 12:47    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-14 23:55 . 2012-02-14 23:56    --------    d-----w-    c:\users\Admin
2012-02-14 22:18 . 2012-02-15 09:20    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-02-14 09:12 . 2012-01-06 04:19    6557240    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD3693FC-4D51-4F03-97AB-47AE56508F05}\mpengine.dll
2012-02-13 22:42 . 2012-02-13 22:42    --------    d-----w-    c:\program files\Hotspot Shield
2012-02-13 22:38 . 2012-02-13 22:38    --------    d-----w-    c:\users\HOME\AppData\Roaming\tor
2012-02-13 22:25 . 2012-02-14 10:16    --------    d-----w-    c:\users\HOME\AppData\Roaming\DVDVideoSoft
2012-02-13 11:08 . 2012-02-13 11:08    231936    ----a-w-    c:\windows\system32\msshsq.dll
2012-02-12 14:06 . 2012-02-12 14:06    --------    d-----w-    c:\users\HOME\AppData\Roaming\SUPERAntiSpyware.com
2012-02-12 14:06 . 2012-02-12 14:06    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-02-09 01:43 . 2012-02-09 01:43    --------    d-----w-    c:\program files\Dropbox
2012-02-03 09:41 . 2012-02-16 14:16    --------    d-----w-    c:\users\HOME\AppData\Roaming\Dropbox
2012-02-01 22:35 . 2011-12-30 16:02    21848    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2012-01-31 22:35 . 2012-01-31 22:35    --------    d-----w-    C:\Temp
2012-01-31 22:27 . 2012-02-14 08:56    --------    d-----w-    c:\users\HOME\AppData\Local\Samsung
2012-01-31 22:23 . 2011-12-23 19:58    4659712    ----a-w-    c:\windows\system32\Redemption.dll
2012-01-31 22:23 . 2011-12-23 19:58    821824    ----a-w-    c:\windows\system32\dgderapi.dll
2012-01-31 22:23 . 2011-12-23 19:58    319456    ----a-w-    c:\windows\system32\DIFxAPI.dll
2012-01-31 22:23 . 2011-12-23 19:58    20032    ----a-w-    c:\windows\system32\drivers\dgderdrv.sys
2012-01-22 13:04 . 2012-01-22 13:04    --------    d-----w-    c:\program files\iPod
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-22 12:59 . 2012-01-22 12:59    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-22 12:58 . 2012-01-22 12:59    --------    d-----w-    c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2011-06-07 22:32    237072    ------w-    c:\windows\system32\MpSigStub.exe
2012-01-22 12:12 . 2011-05-19 07:39    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 14:28 . 2012-01-04 14:28    16128    ----a-w-    c:\windows\system32\drivers\gtkdrv.sys
2011-12-28 23:57 . 2011-12-28 23:57    37376    ----a-w-    c:\windows\system32\drivers\hssdrv.sys
2011-12-23 19:58 . 2011-12-23 19:58    90112    ----a-w-    c:\windows\MAMCityDownload.ocx
2011-12-23 19:58 . 2011-12-23 19:58    325552    ----a-w-    c:\windows\MASetupCaller.dll
2011-12-23 19:58 . 2011-12-23 19:58    30568    ----a-w-    c:\windows\MusiccityDownload.exe
2011-12-23 19:58 . 2011-12-23 19:58    974848    ----a-w-    c:\windows\system32\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58    81920    ----a-w-    c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58    65536    ----a-w-    c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58    57344    ----a-w-    c:\windows\system32\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58    57344    ----a-w-    c:\windows\system32\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58    57344    ----a-w-    c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58    569344    ----a-w-    c:\windows\system32\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58    491520    ----a-w-    c:\windows\system32\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58    49152    ----a-w-    c:\windows\system32\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58    45056    ----a-w-    c:\windows\system32\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58    45056    ----a-w-    c:\windows\system32\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58    40960    ----a-w-    c:\windows\system32\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58    40960    ----a-w-    c:\windows\system32\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58    352256    ----a-w-    c:\windows\system32\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58    258048    ----a-w-    c:\windows\system32\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58    245760    ----a-w-    c:\windows\system32\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58    24576    ----a-w-    c:\windows\system32\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58    200704    ----a-w-    c:\windows\system32\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58    155648    ----a-w-    c:\windows\system32\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58    143360    ----a-w-    c:\windows\system32\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58    135168    ----a-w-    c:\windows\system32\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58    131072    ----a-w-    c:\windows\system32\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58    122880    ----a-w-    c:\windows\system32\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58    118784    ----a-w-    c:\windows\system32\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58    110592    ----a-w-    c:\windows\system32\muzmp4sp.ax
2011-12-10 14:24 . 2011-06-08 08:26    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\HOME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\HOME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\HOME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="b:\programme\SuperAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
.
c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HOME\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-8 26502952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "b:\programme\SuperAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54    551296    ----a-w-    b:\programme\SuperAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;b:\programme\SuperAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;b:\programme\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{E55A29B6-8FBF-4949-84D5-1522A89526D7}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://www.onista.de
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 194.170.28.111:80
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: dab-bank.de\www
Trusted Zone: dshs-koeln.de\www
Trusted Zone: tecis.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\jwys5alp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comunio.de/team_news.phtml|http://www.onvista.de/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da78dd8&i=23&tp=ab&nt=1&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 23:32
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-16  23:36:25
ComboFix-quarantined-files.txt  2012-02-16 22:36
ComboFix2.txt  2012-02-16 20:46
.
Vor Suchlauf: 13 Verzeichnis(se), 34.131.030.016 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 34.094.358.528 Bytes frei
.
- - End Of File - - 4110A17F010CE4024BB253FA3DDE5091
16.02.2012, 23:43
...new here

Thread starter

Posts: 7
#8 So after the first restart there are no problems. So far my "lock" hasn't shown up again. I had gotten this far before, though I have considerably more trust in your work than in my own attempts. And since we're cleaning up anyway - what does this mean?! This is still left over. Do I have to do anything else now, or was that it?

Unsigned file
Service: FsUsbExDisk
Suspicious object, medium risk
Service type: Kernel driver (0x1)
Service start: Demand (0x3)
File: C:\Windows\system32\FsUsbExDisk.SYS
MD5: cbe5f69a5e5b918225f420a748f3742

and

Unsigned file
Service: StarOpen
Suspicious object, medium risk
Service type: File system driver (0x2)
Service start: System (0x1)
File: C:\Windows\system32\drivers\StarOpen.sys
MD5: 306521935042fc0a6988d528643619b3
This post was edited on 16.02.2012 at 23:52 by Sperle.
17.02.2012, 16:03
Moderator

Posts: 5694
#9 The files are clean:

File: C:\Windows\system32\FsUsbExDisk.SYS
http://www.systemlookup.com/Drivers/3698-FsUsbExDisk_Sys.html

File: C:\Windows\system32\drivers\StarOpen.sys
http://www.systemlookup.com/Drivers/599-StarOpen_sys.html

ESET Online Scanner
Please switch on any external hard drives you may have during the online scan! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scan, and don't forget to switch everything back on afterwards.
Note for Vista and Win7 users: Be sure to start the browser as Administrator.
• Disable your anti-virus program during the scan.

Press the button (<< click).

Firefox users:
Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users:
must allow the installation of an ActiveX element.
• Tick the box next to "Yes, I accept the Terms of Use".
• Press the button.
• Wait until the components have been downloaded.
• Tick "Scan archives".
• Make sure that "Remove found threats" is NOT ticked.
Press.
• The signatures will be downloaded. The scan starts automatically.

When the scan has finished
• Click Finish.
• Close the browser. Please press the + R key and copy the following text into the Run window.

Code

"%ProgramFiles%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.
17.02.2012, 21:09
...new here

Thread starter

Posts: 7
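An added example, not from the thread or any of the tools it mentions: a PowerShell function (name and structure are my own) that lists driver services with their file path, Authenticode signature status and MD5, so a finding like the two unsigned drivers above can be checked against the hash the scanner reported before looking the file up. It assumes PowerShell 2.0 or later on Vista/Win7, started as Administrator.

```powershell
# Added example, not from the thread or any tool mentioned in it: list driver
# services with file path, Authenticode status and MD5 so an "Unsigned file"
# finding such as FsUsbExDisk.SYS or StarOpen.sys can be checked against the
# reported hash before it is looked up. Only PowerShell 2.0 cmdlets and .NET
# are used, so it runs on Vista/Win7; start PowerShell as Administrator.

function Get-DriverFileInfo {
    param(
        # Service names to check (e.g. FsUsbExDisk, StarOpen); default: all drivers.
        [string[]]$Name
    )

    $md5 = [System.Security.Cryptography.MD5]::Create()
    $drivers = Get-WmiObject -Class Win32_SystemDriver
    if ($Name) { $drivers = $drivers | Where-Object { $Name -contains $_.Name } }

    foreach ($d in $drivers) {
        # PathName may carry NT-style prefixes; turn it into a plain Win32 path.
        $path = $d.PathName
        if (-not $path) { continue }
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^system32\\', "$env:SystemRoot\system32\"

        $status = 'FileMissing'; $signer = ''; $hash = ''
        if (Test-Path -LiteralPath $path) {
            # Caveat: in-box Windows drivers are usually catalog-signed, which
            # Get-AuthenticodeSignature reports as NotSigned; a NotSigned
            # third-party driver (like the two above) is what deserves a lookup.
            $sig = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $bytes = [System.IO.File]::ReadAllBytes($path)
            $hash = ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
        }

        New-Object PSObject -Property @{
            Service   = $d.Name
            Type      = $d.ServiceType     # 'Kernel Driver' / 'File System Driver'
            StartMode = $d.StartMode       # 'Manual' (Demand) / 'System' / 'Boot'
            Path      = $path
            Signature = $status
            Signer    = $signer
            MD5       = $hash
        }
    }
}

# Check the two drivers flagged in the thread; compare MD5 with the scanner's value.
Get-DriverFileInfo -Name FsUsbExDisk, StarOpen | Format-List
```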
#10 B:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application
C:\Qoobox\Quarantine\C\Users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe.vir Win32/LockScreen.AIG trojan
C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Templates\GameBoosterSetup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\HOME\Downloads\Programme\asc-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\HOME\Downloads\Programme\defragsetup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\HOME\Downloads\Programme\InternationalPrimoPDF.exe Win32/OpenCandy application

Those should be the leftovers, right?
18.02.2012, 02:39
Moderator

Posts: 5694
#11 That one is in the Combofix quarantine ;) Any other problems?