Windows Security Center cannot be started / GVU trojan (among others (?))
Hello,
I am asking for help because I have caught malware. No AV had been installed. Thanks in advance. I will donate to the forum, and I will stick with the thread and not bail out midway like some people here. :-)
I have already tinkered on my own (possibly a mistake. Sorry).
Macrium images exist from 3 days before and 3 days after the GVU trojan infection. However, the PC may already have been compromised by something else before that.
System: Win 7 Prof 32bit OEM.
1. Unlocked the PC with the Kaspersky Rescue CD, i.e. among other things reverted the modifications described at hxxp://forum.tuts4you.com/topic/31087-reversing-malware-questions/:
- deleted runctf.lnk
- corrected the registry keys regarding the modified IE security zones, and set the Internet security options (advanced + zones) all to maximum security (I only use the latest Opera version now anyway, so please ignore old browsers).
- the reversing thread mentioned above obviously does not cover all the problems, though (Security Center)
- note on the symptoms: the GVU screen with webcam (whose hardware driver was disabled on my machine; it probably only serves for intimidation anyway)
2. Scanned with Kaspersky Internet Security 2013 (medium heuristic level, all files and partitions):
HEUR:Trojan.Win32.Generic
HEUR:Exploit.Java.CVE-2012-1723.gen
Exploit.Java.CVE-2012-1723.hz
Trojan-Downloader.JS.DarDuk.lb
Exploit.Win32.CVE-2011-3402.b
HEUR:Trojan.Win32.Generic <- false positive, was a legitimate program
Trojan.Win32.Agent.hwml
Trojan-Ransom.Win32.Foreign.atza
Trojan-PSW.Win32.Tepfer.hhvu (I know, data/password theft; I do not know whether that is separate or part of the GVU trojan)
All the corresponding files are in quarantine and I can send them to you if needed. I can also look up the possibly more exact names on VirusTotal.
I have changed my e-mail and banking passwords, and I currently use Kaspersky's mouse-driven on-screen keyboard to enter passwords.
**MAIN PROBLEM**: the Security Center cannot be activated. I searched around but found no clear solution for this case. Despite the residual risk, I want to keep using the system after a cleanup and ask for help reactivating the services (?) that were broken (presumably via the registry?).
The service is set to "Automatic" but is not started.
-> When you click Start: "The "Security Center" service on Local Computer could not be started. Error 1068: The dependency service or group failed to start." But under "Dependencies" no entries appear..!
The same happens e.g. with "Windows Management Instrumentation" (presumably that is the root cause?):
(...could not be started...) Error 126: The specified module could not be found.
I ran an integrity check of the Windows installation from the command prompt (I no longer remember the command). It completed successfully. I do not know whether any of this helps here:
- hxxp://support.microsoft.com/kb/2519899/de
- hxxp://www.techsupportforum.com/forums/f217/solved-cant-start-security-center-error-1068-a-681588.html
- Or whether the GVU trojan removal tool from bitlocker fixes the problem. Kaspersky does not even NOTICE that the Security Center is disabled, let alone repair it.
In general, the configuration of the services on the system seems to need checking.
Strangely, the Windows Firewall appears as started, even though the Security Center is not working. Maybe the missing Security Center is why it is not detected that the Kaspersky firewall is also running.
I have also already run tdsskiller.exe, aswMBR.exe and Malwarebytes, and nothing more was found.
I still have to review the detailed logs before posting. Please tell me what you want.
I also installed the WMI Diagnosis Utility but cannot do anything with it (because it is VBS):
hxxp://www.tomshardware.co.uk/forum/252102-44-security-center-service-working
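The 1068/126 errors described above and the Winmgmt entry in the OTL log further down ("File not found" for a DLL under c:\_me\system\temp) point at one cause: the Security Center service (wscsvc) depends on Winmgmt, and a svchost-hosted service whose registered ServiceDll no longer exists fails with error 126, so everything depending on it fails with 1068. The following read-only PowerShell diagnostic is an added example, not part of the original post or of any tool it mentions; it walks wscsvc's dependency chain from the registry and flags services whose binary is missing or lives outside System32. It assumes PowerShell 3 or later run as administrator; the service names, the ServiceDll convention and the registry layout are standard Windows 7, the function names are my own.

```powershell
# Added diagnostic (not from the original post): walk the dependency chain of the
# Windows Security Center service (wscsvc) and report, for every service in it,
# which binary the registry points to and whether that file actually exists.
# Read-only: it only reads the registry and tests file existence.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$System32    = Join-Path $env:SystemRoot 'System32'

function Resolve-ServiceBinary {
    # Returns the path of the code a service really runs: Parameters\ServiceDll
    # for svchost-hosted services (Winmgmt, wscsvc), otherwise the ImagePath exe.
    param([Parameter(Mandatory)][string]$Name)

    $key = Join-Path $ServicesKey $Name
    $svc = Get-ItemProperty -Path $key -ErrorAction Stop

    $paramsKey = Join-Path $key 'Parameters'
    if (Test-Path $paramsKey) {
        $p = Get-ItemProperty -Path $paramsKey
        if ($p.PSObject.Properties['ServiceDll']) {
            return [Environment]::ExpandEnvironmentVariables([string]$p.ServiceDll)
        }
    }

    $image = [Environment]::ExpandEnvironmentVariables([string]$svc.ImagePath)
    if ([string]::IsNullOrEmpty($image)) { return '' }
    # Strip arguments: either a quoted path or the first token ending in .exe/.sys
    if     ($image -match '^"([^"]+)"')        { $image = $Matches[1] }
    elseif ($image -match '^(\S+\.(exe|sys))') { $image = $Matches[1] }
    # Driver entries are often relative to the Windows directory (system32\DRIVERS\x.sys)
    if (-not [System.IO.Path]::IsPathRooted($image)) {
        $image = Join-Path $env:SystemRoot $image
    }
    return $image
}

function Test-ServiceChain {
    # Recursively checks $Name and every service listed in its DependOnService.
    param(
        [Parameter(Mandatory)][string]$Name,
        [hashtable]$Seen = @{}
    )
    if ($Seen.ContainsKey($Name)) { return }
    $Seen[$Name] = $true

    $key = Join-Path $ServicesKey $Name
    if (-not (Test-Path $key)) {
        [pscustomobject]@{ Service = $Name; State = 'no registry key'; Binary = ''; Verdict = 'MISSING KEY' }
        return
    }

    $binary  = Resolve-ServiceBinary -Name $Name
    $exists  = (-not [string]::IsNullOrEmpty($binary)) -and (Test-Path -LiteralPath $binary -PathType Leaf)
    $inSys32 = $exists -and $binary.StartsWith($System32, [StringComparison]::OrdinalIgnoreCase)
    $state   = (Get-Service -Name $Name -ErrorAction SilentlyContinue).Status

    # A missing binary is the error-126 service; its dependants show 1068.
    $verdict = if (-not $exists)      { 'BINARY MISSING -> error 126 here, 1068 upstream' }
               elseif (-not $inSys32) { 'outside System32 -> verify publisher/signature' }
               else                   { 'ok' }

    [pscustomobject]@{ Service = $Name; State = $state; Binary = $binary; Verdict = $verdict }

    $deps = (Get-ItemProperty -Path $key).DependOnService
    foreach ($dep in @($deps)) {
        if ($dep -and -not $dep.StartsWith('+')) { Test-ServiceChain -Name $dep -Seen $Seen }
    }
}

# Security Center on Windows 7 depends on RpcSs and Winmgmt; start from the top.
Test-ServiceChain -Name 'wscsvc' | Format-Table -AutoSize
```

With a Winmgmt ServiceDll pointing at a deleted file, the Winmgmt row reports "BINARY MISSING" while wscsvc itself looks intact, which is exactly the 1068-with-empty-dependencies picture described in the post.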
----------------------------
1. defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:41 on 28/03/2013 (<username>)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
2. OldTimer: http://www.trojaner-board.de/85104-o...-oldtimer.html
Since there is an error in your instructions ( http://www.trojaner-board.de/69886-a...-beachten.html ) and extras.txt is not created, I did another run not with Quick Scan but with Scan:
- Scan (not Quick)
- Use SafeList (6x)
- Minimal output
- All users
- 30 days
- No: company name whitelist; no: skip Microsoft files; yes: use No Company Name whitelist
- LOP yes, Purity yes.
((Annoying: a (misconfigured) OTL scan can only be aborted by killing the OTL process. And: OTL.txt output files overwrite previous ones instead of being renamed, so the user may lose edited texts.))
3. GMER
Ran GMER today with the configuration recommended by Trojaner-Board:
unchecked: IAT/EAT
Drives: only C:\ checked
ADS: checked
Show all: unchecked
3rd party: unchecked
Result (NOTE: all logs were slightly edited by me (username, deletion of some definitely safe entries (paths of (clean) programs I installed myself that not everyone needs to know)):
GMER Logfile:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-28 20:14:23
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_MMDPE56GFDXP-MVB rev.VBM25S1Q 238,47GB
Running: gmer_2.1.19155.exe; Driver: c:\_me\system\temp\uxldipow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8A36D208]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x8A320FB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x8A321300]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8A321746]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8A30991E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x8A320C92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8A309E96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8A309D7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x8A321164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x8A370072]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8A309FB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8A36F50A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8A36F74A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x8A36F1AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x8A321232]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8A36F054]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8A309962]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x8A36D34A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x8A36CFB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x8A36FE6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8A31F422]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8A309F2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8A309E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x8A36EBFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8A37031E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8A30A04C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x8A36F266]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8A30A0D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8A31F630]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8A36FD20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8A32152A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8A3213B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x8A32146E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x8A32159A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8A36FA4C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x8A320E20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x8A36FBA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8A30A178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x8A36D0BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8A36ED9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8A36F8F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x8A30A18A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x8A36EEFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8A36F406]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8A370486]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8A3701B0]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 8308A8D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830AF312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 250 830B6B10 4 Bytes [08, D2, 36, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 278 830B6B38 8 Bytes [B8, 0F, 32, 8A, 00, 13, 32, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2BC 830B6B7C 4 Bytes [46, 17, 32, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 2E8 830B6BA8 4 Bytes [1E, 99, 30, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 30C 830B6BCC 4 Bytes [92, 0C, 32, 8A]
.text ...
.text c:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0x8FDC5000, 0x2892, 0xE8000020]
.vmp2 c:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0x8FDE8050]
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[1812] Explorer.EXE 00EC25BC 4 Bytes [06, 7F, 03, 6C] {PUSH ES; JG 0x6; INS BYTE [ES:EDI], DX}
.text C:\Windows\Explorer.EXE[1812] Explorer.EXE 00EC2828 4 Bytes [2E, 7F, 03, 6C] {JG 0x6 ;NOT TAKEN; INS BYTE [ES:EDI], DX}
.text C:\Windows\Explorer.EXE[1812] Explorer.EXE 00EC2848 4 Bytes [56, 7F, 03, 6C] {PUSH ESI; JG 0x6; INS BYTE [ES:EDI], DX}
.text C:\Windows\Explorer.EXE[1812] Explorer.EXE 00EC2850 4 Bytes [1A, 7F, 03, 6C] {SBB BH, [EDI+0x3]; INS BYTE [ES:EDI], DX}
.text C:\Windows\Explorer.EXE[1812] Explorer.EXE 00EC2870 8 Bytes [42, 7F, 03, 6C, 6A, 7F, 03, ...]
.text ...
? c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2044] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2044] ntdll.dll!NtProtectVirtualMemory 76E65000 5 Bytes JMP 6D791A54 c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
? c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2044] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2044] user32.dll!NotifyWinEvent + 48B 76F9F724 4 Bytes [53, 2A, 79, 6D] {PUSH EBX; SUB BH, [ECX+0x6d]}
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3952] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3952] ntdll.dll!NtProtectVirtualMemory 76E65000 5 Bytes JMP 6D791A54 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3952] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3952] user32.dll!NotifyWinEvent + 48B 76F9F724 4 Bytes [53, 2A, 79, 6D] {PUSH EBX; SUB BH, [ECX+0x6d]}
---- Devices - GMER 2.1 ----
Device Ntfs.sys
AttachedDevice tdrpm273.sys
AttachedDevice \Driver\tdx \Device\Tcp wtfilter.sys
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
Device volmgr.sys
AttachedDevice fltmgr.sys
Device USBSTOR.SYS
AttachedDevice \Driver\tdx \Device\Udp wtfilter.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
Device exfat.SYS
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys@ Driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys@ Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214ffaf46c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60380e0521cf
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Wdf01000.sys@ Driver
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\Wdf01000.sys@ Driver
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214ffaf46c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60380e0521cf (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Acronis One-Click Backup.lnk 1
Reg HKCU\Software\Microsoft\Windows Live Mail@SqmSrvSuccessCount POP3 2601
---- Files - GMER 2.1 ----
File C:\wmidiag 0 bytes
File C:\wmidiag\WMIDiag.doc 777293 bytes
File C:\wmidiag\WMIDiag.vbs 4576330 bytes
File C:\wmidiag\WMIDiag.xls 551424 bytes
<<<<<<<<<-------- funny that the WMI diagnosis tool from MS that I just downloaded shows up here
---- EOF - GMER 2.1 ----
OTL Logfile:
OTL logfile created on: 28.03.2013 16:36:53 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = ...
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 21,76% Memory free
3,98 Gb Paging File | 1,70 Gb Available in Paging File | 42,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 190,43 Gb Total Space | 144,11 Gb Free Space | 75,68% Space Free | Partition Type: NTFS
Drive D: | 30,01 Gb Total Space | 15,92 Gb Free Space | 53,05% Space Free | Partition Type: exFAT
Drive E: | 119,05 Gb Total Space | 81,49 Gb Free Space | 68,45% Space Free | Partition Type: exFAT
Drive S: | 100,00 Mb Total Space | 67,05 Mb Free Space | 67,05% Space Free | Partition Type: NTFS
Drive Z: | 41,16 Gb Total Space | 18,96 Gb Free Space | 46,06% Space Free | Partition Type: NTFS
Computer Name: alöksdjflajfd | User Name: alkdjflasfdd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
################### unspecified processes generally belong to the legitimate parental control
################### programs "ChildWebGuardian" and "ComputerTime"
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wtwatch.exe ()
PRC - C:\Windows\System32\wstw.exe ()
PRC - C:\Windows\System32\fltw.exe ()
PRC - C:\Program Files\ChildWebGuardian PRO\CwAgent.exe ()
PRC - C:\Program Files\ChildWebGuardian PRO\ContentWasher.exe (Zimin IP)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe (SoftwareTime, LLC)
PRC - C:\Program Files\SoftwareTime\ComputerTime\bin\stka32.exe (SoftwareTime, LLC)
PRC - C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe (SoftwareTime, LLC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe (Firebird Project)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXe (CANON INC.)
PRC - C:\Program Files\Apoint2K\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\OneClickInternet\WTGService.exe ()
PRC - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSony.exe (QUALCOMM, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mmc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mblctr.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Java\jre7\bin\jp2native.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a97f4e39d47dc3d5098150a8b14a9662\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\2d8c2161957e5003fd15a7c0acb97928\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc5e4099db0d68c2d4da4749e4b8d127\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\428143857fa1c250d50ec55132dd8a2f\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\fbe1fc6847e7ddff51482f2b779c168f\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5f9559fafc4b40e11e429d67152746be\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\612bad9f3a4f378c9c09cbb7460e3a93\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files\ChildWebGuardian PRO\CwAgent.exe ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Windows\System32\tw_libeay32.dll ()
MOD - C:\Windows\System32\tw_libssl32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\4.0.0.4200__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\4.0.0.4200__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\System32\pcrelib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
========== Services (SafeList) ==========
SRV - (Winmgmt) -- c:\_me\system\temp\2pszi2ki80.dll File not found <- that was a virus
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File not found (caused CPU problems)
SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (watchtw) -- C:\Windows\System32\wtwatch.exe ()
SRV - (WebServTw) -- C:\Windows\System32\wstw.exe ()
SRV - (wtflserv) -- C:\Windows\System32\fltw.exe ()
SRV - (AVP) -- c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
SRV - (STProxy) -- C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe (SoftwareTime, LLC)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ComputerTimeServer) -- C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe (Firebird Project)
SRV - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (WTGService) -- C:\Program Files\OneClickInternet\WTGService.exe ()
SRV - (QDLService2kSony) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSony.exe (QUALCOMM, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (uxldipow) -- c:\_me\system\temp\uxldipow.sys File not found <- ?
DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found <- leftover from parental control, apparently
DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
DRV - (MpKsl81823dad) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0AD13EE-C89E-4863-B5A4-80CB82F4D01C}\MpKsl81823dad.sys File not found
DRV - (cpuz130) -- c:\_me\system\temp\cpuz130\cpuz_x32.sys File not found <- ?
DRV - (PSVolAcc) -- C:\Windows\System32\drivers\PSVolAcc.sys (Paramount Software UK Ltd)
DRV - (pssnap) -- C:\Windows\System32\drivers\pssnap.sys (Macrium Software)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (wtfilter) -- C:\Windows\System32\drivers\wtfilter.sys (NetFilterSDK.com)
DRV - (PSMounterEx) -- C:\Windows\System32\drivers\psmounterex.sys ()
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (PSMounter) -- C:\Windows\System32\drivers\psmounter.sys (Macrium Software)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys () <- probably MiniTool?
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys (Symantec Corporation)
DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (rspUndeluxe) -- C:\Windows\System32\drivers\rspUnd32.sys (Resplendence Software Projects Sp.)
DRV - (FARMNTIO) -- C:\Windows\System32\drivers\FarMntIo.sys ()
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (phylock) -- C:\Windows\System32\drivers\phylock.sys (TeraByte, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- c:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (qcusbnetsny2k) -- C:\Windows\System32\drivers\qcusbnetsny2k.sys (QUALCOMM Incorporated)
DRV - (qcusbsersny2k) -- C:\Windows\System32\drivers\qcusbserSny2k.sys (QUALCOMM Incorporated)
DRV - (qcfilterSny2k) -- C:\Windows\System32\drivers\qcfilterSny2k.sys (QUALCOMM Incorporated)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.live.com
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{02D08EFA-C55A-4D57-95CB-6408A701ECE8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={F9DF2862-BD70-4B34-BBCB-AA2D9D1CB299}&mid=9e3f806d935f47d0b910d154fc5ae2de-73174264ed9c2878b3f27495b9aba94c1325d8cb&lang=en&ds=AVG&pr=fr&d=2012-05-13 23:41:05&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=DE&ver=2
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms}
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{CBC39FF2-842D-45F7-B212-6ED603EBE510}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=QBLH&filt=all
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.5
FF - prefs.js..keyword.URL: "hxxp://search.searchcompletion.com/?bs=1&si=10211&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\LSNPAPI: C:\Program Files\nplightshot\3.2.0.0\npLightshot.dll (Skillbrains)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2010.02.19 22:36:35 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\users\alkdjflasfdd\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\users\alkdjflasfdd\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.26\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files\AusweisApp\mozilla\AusweisApp_FFxx_Win [2011.09.14 16:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2013.03.28 01:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.21 16:48:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.03.19 22:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.03.19 22:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.03.19 22:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.03.19 22:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.03.19 22:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.18 14:51:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 16:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 2\components [2012.09.08 23:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugins [2012.11.21 16:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: Z:\Program Files\Mozilla Firefox 5\components [2012.09.08 23:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: Z:\Program Files\Mozilla Firefox 5\plugins [2012.11.21 16:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.25 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012.02.01 23:43:43 | 000,000,000 | ---D | M]
[2010.12.22 11:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Extensions
[2010.11.28 10:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.01.07 14:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Firefox\extensions
[2010.01.07 14:51:46 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2013.02.24 16:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Firefox\Profiles\txesgi80.default\extensions
[2011.05.06 16:02:04 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Firefox\Profiles\txesgi80.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2013.02.24 16:19:07 | 000,185,839 | ---- | M] () (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\firefox\profiles\txesgi80.default\extensions\stealthyextension@gmail.com.xpi
[2011.08.04 00:24:31 | 000,002,449 | ---- | M] () -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\firefox\profiles\txesgi80.default\searchplugins\safesearch.xml
[2013.03.10 22:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.03 18:48:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.02 12:29:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.11.21 16:48:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.18 14:51:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.13 22:40:57 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.12.18 14:51:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.06 16:02:03 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
[2012.12.18 14:51:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll
CHR - plugin: IE Tab Multi (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\plugin/npietab.dll
CHR - plugin: IE Tab Multi (SPA) (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\plugin/npietabspa.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.9.1_0\plugin/blackfishietab.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin6.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Lightshot (Enabled) = C:\Program Files\nplightshot\1.7.0.25\npLightshot.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google-Suche = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Complitly plugin for chrome = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.1.2_0\
CHR - Extension: AdBlock = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: IE Tab = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\4.2.22.2_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Stealthy = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0\
CHR - Extension: Virtuelle Tastatur = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Downloads = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_1\
CHR - Extension: Shortcut Manager = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjjeipcdnnjhgodgjpfkffcejoljijf\0.7.9_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Keyconfig = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\okneonigbfnolfkmfgjmaeniipdjkgkl\1.13.1_0\
CHR - Extension: Google Mail = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
###don't be surprised, in the following I have also deleted a few entries that are *definitely* safe (legitimate harmless programs like notepad replacements etc)
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - No CLSID value found.
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\users\alkdjflasfdd\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [*ctmn32] C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe (SoftwareTime, LLC)
O4 - HKLM..\Run: [APC] C:\Program Files\Advanced Parental Control\BackProcessAPC.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] c:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\system32\cc32\webtmr.exe File not found <- this is a leftover from a parental control software
O4 - HKLM..\Run: [ChildWebGuardian PRO Agent] C:\Program Files\ChildWebGuardian PRO\CwAgent.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Helper] C:\Windows\System32\config\systemprofile\AppData\Local\PackSetup.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [jia] C:\Windows\System32\config\systemprofile\AppData\Local\yps.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Helper] C:\Windows\System32\config\systemprofile\AppData\Local\PackSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [jia] C:\Windows\System32\config\systemprofile\AppData\Local\yps.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003..\RunOnce: [*ctmn32] C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe (SoftwareTime, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 65010687
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 24
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WRP = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Clear Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Download by FlashGet3 - C:\users\alkdjflasfdd\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Reset Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..Trusted Domains: ebay.de ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..Trusted Domains: facebook.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..Trusted Domains: facebook.de ([]* in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {503F5F92-794F-4273-824E-A3EDF65BFAA4} hxxp://downloads.reiner-sct.de/owok/plugins/rsct_owok_ie-2004.cab (OWOK)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02510786-FD86-46E9-AAB5-D608272861E1}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9280B973-8F6E-421B-A41A-C9927DAD6993}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{58da06e0-090d-11df-a2b5-001dbabdcad9}\Shell - "" = AutoRun
O33 - MountPoints2\{58da06e0-090d-11df-a2b5-001dbabdcad9}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.20 23:40:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.19 22:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.03.19 22:01:02 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.03.19 22:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.19 22:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.03.19 21:59:14 | 000,589,144 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013.03.19 21:59:14 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys
[2013.03.19 03:22:57 | 000,000,000 | ---D | C] -- C:\users\alkdjflasfdd\AppData\Roaming\QuickScan
[2013.03.15 15:24:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.15 15:24:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.15 15:24:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.15 15:24:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.15 15:24:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.15 15:24:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.15 15:24:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.15 15:24:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.10 23:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.10 22:59:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 22:59:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 22:59:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 22:59:28 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
(sensitive but harmless information removed from the list below)
[2013.03.28 17:13:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.28 16:54:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013.03.28 16:53:02 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 16:53:02 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 16:29:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-467424403-2663338904-3135116938-1003UA.job
[2013.03.28 16:23:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.28 16:11:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-467424403-2663338904-3135116938-1003UA.job
[2013.03.28 15:45:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-467424403-2663338904-3135116938-1003.job
[2013.03.28 15:00:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.28 13:41:08 | 000,000,000 | ---- | M] () -- C:\users\alkdjflasfdd\defogger_reenable
[2013.03.28 01:41:19 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.28 01:40:56 | 2136,928,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.27 22:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-467424403-2663338904-3135116938-1003Core.job
[2013.03.27 19:55:08 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for me.job
[2013.03.27 19:29:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-467424403-2663338904-3135116938-1003Core.job
[2013.03.19 11:32:04 | 000,123,366 | ---- | M] () -- C:\ProgramData\1363688951.492.bin
[2013.03.19 11:32:04 | 000,038,517 | ---- | M] () -- C:\ProgramData\1363688951.5172.bin
[2013.03.19 11:31:10 | 000,008,946 | ---- | M] () -- C:\ProgramData\1363688951.5324.bin
[2013.03.19 11:30:14 | 000,009,322 | ---- | M] () -- C:\ProgramData\1363688951.3744.bin
[2013.03.19 11:29:56 | 000,004,717 | ---- | M] () -- C:\ProgramData\1363688951.3984.bin
[2013.03.19 11:29:38 | 000,001,090 | ---- | M] () -- C:\ProgramData\1363688951.5540.bin
[2013.03.19 11:29:38 | 000,001,090 | ---- | M] () -- C:\ProgramData\1363688951.5236.bin
[2013.03.19 11:29:34 | 000,013,837 | ---- | M] () -- C:\ProgramData\1363688951.3960.bin
[2013.03.19 11:29:34 | 000,000,783 | ---- | M] () -- C:\ProgramData\1363688951.2744.bin
[2013.03.19 11:29:28 | 000,002,276 | ---- | M] () -- C:\ProgramData\1363688951.2124.bin
[2013.03.19 03:23:41 | 000,109,352 | ---- | M] () -- C:\ProgramData\1363659262.7388.bin
[2013.03.19 03:23:41 | 000,059,640 | ---- | M] () -- C:\ProgramData\1363659262.2828.bin
[2013.03.19 03:23:11 | 000,010,418 | ---- | M] () -- C:\ProgramData\1363659262.7724.bin
[2013.03.19 03:23:11 | 000,004,718 | ---- | M] () -- C:\ProgramData\1363659262.10224.bin
[2013.03.19 03:22:53 | 000,001,091 | ---- | M] () -- C:\ProgramData\1363659262.10228.bin
[2013.03.19 03:22:41 | 000,001,091 | ---- | M] () -- C:\ProgramData\1363659262.10232.bin
[2013.03.19 03:20:09 | 000,008,927 | ---- | M] () -- C:\ProgramData\1363659262.7564.bin
[2013.03.19 03:19:35 | 000,014,774 | ---- | M] () -- C:\ProgramData\1363659262.10220.bin
[2013.03.19 03:19:35 | 000,000,783 | ---- | M] () -- C:\ProgramData\1363659262.8224.bin
[2013.03.19 03:19:17 | 000,002,277 | ---- | M] () -- C:\ProgramData\1363659262.10148.bin
[2013.03.18 18:43:51 | 095,023,320 | ---- | M] () -- C:\ProgramData\(zufallsstring).pad <----- this belongs to the GVU trojan, 90 MB file, no longer harmful now / renamed / quarantined)
[2013.03.18 14:26:39 | 000,629,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.18 14:26:39 | 000,595,198 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.18 14:26:39 | 000,120,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.18 14:26:39 | 000,099,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.10 22:59:06 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.10 22:59:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.10 22:59:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.10 22:59:05 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 22:59:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 22:59:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
(sensitive but harmless information removed from the list below)
[2013.03.28 13:41:08 | 000,000,000 | ---- | C] () -- C:\users\alkdjflasfdd\defogger_reenable
[2013.03.19 11:29:33 | 000,008,946 | ---- | C] () -- C:\ProgramData\1363688951.5324.bin
[2013.03.19 11:29:33 | 000,000,783 | ---- | C] () -- C:\ProgramData\1363688951.2744.bin
[2013.03.19 11:29:32 | 000,013,837 | ---- | C] () -- C:\ProgramData\1363688951.3960.bin
[2013.03.19 11:29:32 | 000,004,717 | ---- | C] () -- C:\ProgramData\1363688951.3984.bin
[2013.03.19 11:29:32 | 000,001,090 | ---- | C] () -- C:\ProgramData\1363688951.5540.bin
[2013.03.19 11:29:32 | 000,001,090 | ---- | C] () -- C:\ProgramData\1363688951.5236.bin
[2013.03.19 11:29:27 | 000,002,276 | ---- | C] () -- C:\ProgramData\1363688951.2124.bin
[2013.03.19 11:29:15 | 000,038,517 | ---- | C] () -- C:\ProgramData\1363688951.5172.bin
[2013.03.19 11:29:14 | 000,009,322 | ---- | C] () -- C:\ProgramData\1363688951.3744.bin
[2013.03.19 11:29:11 | 000,123,366 | ---- | C] () -- C:\ProgramData\1363688951.492.bin
[2013.03.19 03:19:32 | 000,008,927 | ---- | C] () -- C:\ProgramData\1363659262.7564.bin
[2013.03.19 03:19:32 | 000,000,783 | ---- | C] () -- C:\ProgramData\1363659262.8224.bin
[2013.03.19 03:19:31 | 000,014,774 | ---- | C] () -- C:\ProgramData\1363659262.10220.bin
[2013.03.19 03:19:31 | 000,004,718 | ---- | C] () -- C:\ProgramData\1363659262.10224.bin
[2013.03.19 03:19:31 | 000,001,091 | ---- | C] () -- C:\ProgramData\1363659262.10232.bin
[2013.03.19 03:19:31 | 000,001,091 | ---- | C] () -- C:\ProgramData\1363659262.10228.bin
[2013.03.19 03:19:16 | 000,002,277 | ---- | C] () -- C:\ProgramData\1363659262.10148.bin
[2013.03.19 03:14:27 | 000,059,640 | ---- | C] () -- C:\ProgramData\1363659262.2828.bin
[2013.03.19 03:14:25 | 000,010,418 | ---- | C] () -- C:\ProgramData\1363659262.7724.bin
[2013.03.19 03:14:22 | 000,109,352 | ---- | C] () -- C:\ProgramData\1363659262.7388.bin
[2013.03.18 18:31:28 | 095,023,320 | ---- | C] () -- C:\ProgramData\(zufallsstring).pad <----------- see above
[2013.01.11 20:28:20 | 000,150,276 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.10.10 12:38:48 | 001,743,870 | ---- | C] () -- C:\Windows\System32\tw_libeay32.dll
[2012.10.10 12:38:48 | 000,379,675 | ---- | C] () -- C:\Windows\System32\tw_libssl32.dll
[2012.10.10 12:38:46 | 001,963,416 | ---- | C] () -- C:\Windows\System32\cwcom.dll
[2012.10.10 12:38:46 | 001,076,632 | ---- | C] () -- C:\Windows\System32\wtwatch.exe
[2012.10.10 12:38:44 | 001,743,256 | ---- | C] () -- C:\Windows\System32\wstw.exe
[2012.09.25 15:31:50 | 000,054,464 | ---- | C] () -- C:\Windows\System32\drivers\psmounterex.sys
[2012.09.10 15:02:46 | 000,355,328 | ---- | C] () -- C:\Windows\System32\wlsppc.dll
[2012.07.23 00:26:57 | 000,221,184 | ---- | C] () -- C:\Windows\System32\pcrelib.dll
[2012.07.23 00:26:56 | 000,100,272 | ---- | C] () -- C:\Windows\System32\nfapi.dll
[2012.07.23 00:26:52 | 001,446,808 | ---- | C] () -- C:\Windows\System32\fltw.exe
[2012.07.22 22:43:01 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll
[2012.07.22 22:43:00 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2012.07.19 15:18:41 | 000,000,056 | RHS- | C] () -- C:\ProgramData\{F473AA6F-9069-4CB7-MB39-1493E6C46CAB}
[2012.07.06 21:57:48 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.20 00:49:10 | 000,000,711 | ---- | C] () -- C:\Windows\asfbinwin.INI
[2012.02.27 16:08:07 | 000,296,944 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Local\census.cache
[2012.02.27 16:07:46 | 000,171,238 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Local\ars.cache
[2012.02.27 15:48:40 | 000,000,036 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Local\housecall.guid.cache
[2012.01.27 15:08:26 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2012.01.02 01:13:41 | 000,074,240 | ---- | C] () -- C:\Windows\System32\zlibwapi.dll
[2011.12.12 17:00:42 | 000,002,952 | ---- | C] () -- C:\Windows\System32\STProxy.ini
[2011.12.12 17:00:42 | 000,001,664 | ---- | C] () -- C:\Windows\System32\STProxyOff.ini
[2011.12.11 01:35:13 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2011.11.21 22:40:24 | 000,037,888 | RHS- | C] () -- C:\Program Files\Common Files\{4510A67B-004C-D2M7-1196-BCF980168200}
[2011.07.11 18:32:34 | 000,000,163 | ---- | C] () -- C:\Windows\System32\StartClock.ini
[2011.06.27 12:39:39 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.06.07 00:41:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.05.27 15:32:21 | 000,001,280 | ---- | C] () -- C:\Windows\System32\excltmp~.dat
[2011.05.20 14:05:59 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2011.05.14 17:07:26 | 000,000,040 | ---- | C] () -- C:\ProgramData\STAnalyzer.ini
[2011.05.14 17:07:18 | 000,266,240 | ---- | C] () -- C:\ProgramData\STServer.mdb
[2011.05.14 17:07:18 | 000,002,832 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Roaming\D000A8E2.DAT
[2011.05.14 17:04:39 | 000,000,140 | ---- | C] () -- C:\ProgramData\95016.G06
[2011.05.14 16:07:11 | 000,000,169 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011.05.06 16:49:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.05.06 16:49:16 | 000,000,141 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.04.27 23:51:04 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 23:51:04 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 23:51:03 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.25 21:49:26 | 000,084,480 | ---- | C] () -- C:\Windows\tbicd2hd.exe <-terabyte
[2011.02.20 16:12:54 | 000,000,232 | ---- | C] () -- C:\users\alkdjflasfdd\powerpad.conf
[2010.04.18 01:36:21 | 000,001,948 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.06 03:46:40 | 000,000,676 | RHS- | C] () -- C:\users\alkdjflasfdd\ntuser.pol
[2009.12.21 14:20:47 | 000,007,640 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Local\resmon.resmoncfg
[2003.10.06 09:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
(a few definitely legitimate programs were removed by me for clarity)
[2009.12.21 15:23:52 | 000,000,000 | -HSD | M] -- C:\users\alkdjflasfdd\AppData\Roaming\.#
[2011.03.27 09:44:09 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\0AAFBEAB-806A-4CB2-91ED-5B06F11BDC01
[2011.03.29 15:46:34 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\23824715-F1D8-413E-A842-23DB1B743056
[2011.03.27 09:43:38 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\2CCFC51D-ABFA-4CEE-81D1-F0CF4F89D6FD
[2011.03.29 16:05:56 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\2D6E7029-FB78-496D-8D6C-4C5E9BE468F0
[2011.03.25 13:41:49 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\3A30ED3B-F6BB-46A1-BECF-21D7D6B0AF2D
[2011.03.29 15:46:35 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\40DCE393-547D-4A3C-8A2B-701C21058180
[2011.03.27 10:08:41 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\517A32DC-2FC9-4699-B88F-3FD3E52E2D45
[2011.03.25 13:41:53 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\57CD4456-A8BD-472C-96D5-0378F0EA7691
[2011.03.29 14:48:02 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\64CBEA9A-AF3D-4E1A-9FFB-745CABBCBFE7
[2011.03.26 22:18:43 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\68690F77-3C16-4C37-ABBB-2B2DE37C3851
[2011.03.29 16:06:10 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\6C3A9949-C2EF-476E-A7BE-80B310A28001
[2011.03.29 15:46:19 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\7991C204-B839-4F91-A1A0-DED062A123B0
[2011.03.29 16:06:36 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\7AA7CF54-B9D5-4779-97E5-E9E21635CB2D
[2011.03.29 14:50:03 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\7B2F5210-797C-4085-9FB4-C6BE67FAF64D
[2011.03.25 14:02:57 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\7D31E6A3-E6BA-4F5D-83E4-BCC7DE840E36
[2011.03.27 10:08:58 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\8EF34282-138A-4146-924B-BAF1C4157DE6
[2011.03.25 14:02:57 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\97092951-9D48-49DC-AA49-5E29FC7AF5C3
[2011.03.29 14:49:35 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\AA0E6BB3-9286-470C-A974-032542C2EDAD
[2010.05.17 15:42:08 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Acronis
[2012.12.14 00:01:24 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\BITS
[2011.06.23 19:58:36 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Canneverbe Limited
[2010.12.25 13:00:37 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Chrome
[2011.03.26 22:18:43 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\D0F4A3CB-6F66-4381-B579-D00EF59B4CF5
[2011.03.27 10:08:58 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\DED3B6FB-54C1-4B32-8A35-4B0F32E6564A
[2012.12.12 23:12:24 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Downloaded Installations
[2011.02.18 11:41:07 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Echo Software
[2012.07.19 19:42:17 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Ethervane
[2012.07.02 23:31:45 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\EurekaLog
[2011.03.27 09:44:09 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\FB5D50EE-9B7D-4B6C-8B48-457FFB113AF8
[2011.11.28 14:26:54 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\FMA
[2011.06.16 22:27:18 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Leadertech
[2011.06.26 14:29:55 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Notebook Hardware Control
[2012.11.21 01:47:30 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Opera
[2013.03.19 03:22:57 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\QuickScan
[2011.03.01 13:32:05 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\SoftGrid Client
[2012.03.18 03:13:25 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Softplicity
[2012.10.19 12:56:58 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\TeamViewer
[2012.10.19 14:39:42 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\temp
[2012.04.12 12:25:32 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Tencent
[2011.05.14 17:04:39 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\tfw
[2011.03.25 12:44:49 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\TheWorld
[2011.07.11 13:46:33 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Thunderbird
[2011.08.14 23:21:28 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Tific
[2011.02.28 20:56:24 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\TP
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2011.03.24 16:13:28 | 000,000,986 | ---- | M] ()(C:\Users\Public\Desktop\???? 3.lnk) -- C:\Users\Public\Desktop\世界之窗 3.lnk <- TheWorld browser, legitimate software
[2011.03.24 16:13:28 | 000,000,986 | ---- | C] ()(C:\Users\Public\Desktop\???? 3.lnk) -- C:\Users\Public\Desktop\世界之窗 3.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\世界之窗浏览器
========== Alternate Data Streams ==========
@Alternate Data Stream - 4800 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates <- Directory Opus, as far as I know. Legitimate entry.
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:5294C449
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:424C5130
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:25D885FA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:F8D65F32
< End of report > --- --- ---
[/CODE]
OTL Extras log:
-> Attached as a file because of the post's character limit.
To everyone who helps out: THANK YOU!!! If you find a guide anywhere on how to reactivate the Windows Management Instrumentation / Security Center -> please post it...