Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Laptop CPU Auslastung bie Start schon 100% (https://www.trojaner-board.de/134237-laptop-cpu-auslastung-bie-start-schon-100-a.html)

aharonov 30.04.2013 15:23
Zitat:
und 2. habe ich norton eig. schon längst vom system entfernt und wird auch nicht in programm liste aufgeführt.
Ich sehe in deiner Programmliste noch den Eintrag Norton 360 aufgelistet. Diesen müsstest du deinstallieren.
Oder findest du ihn nicht?

TheDragon80 30.04.2013 16:36
Ne, finde ich nicht. wird weder in der programmliste aufgeführt noch beim CCleaner.

und zu den letzten schritten: eset läuft mal wieder und ist schon 1,5 stunden am laufen aber beim letzten mal musste ich es über nacht laufen lassen^^

aharonov 30.04.2013 16:51
Ja, ESET kann ein Weilchen dauern, das ist normal.
Den Rest schauen wir dann an, wenn alle Logs da sind.

TheDragon80 01.05.2013 17:39
So 1. OTL:

Code:
All processes killed
========== OTL ==========
C:\Users\user\AppData\Roaming\Ymutr folder moved successfully.
C:\Users\user\AppData\Roaming\Vieqy folder moved successfully.
C:\Users\user\AppData\Roaming\xmldm folder moved successfully.
C:\Users\user\AppData\Roaming\Uchauk folder moved successfully.
C:\Users\user\AppData\Roaming\UAs folder moved successfully.
C:\Users\user\AppData\Roaming\OpenCandy\D3E9CD6224984D68B00877F731A350BE folder moved successfully.
C:\Users\user\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\user\AppData\Roaming\Noyd folder moved successfully.
C:\Users\user\AppData\Roaming\Luawha folder moved successfully.
C:\Users\user\AppData\Roaming\kock folder moved successfully.
C:\Users\user\AppData\Roaming\Ackyze folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33044118-6597-4D2F-ABEA-7974BB185379}\ not found.
File C:\Users\user\AppData\Roaming\17001.005 not found.
Prefs.js: "Ask" removed from browser.search.order.1
C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} folder moved successfully.
Prefs.js: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03_TL-GOOGLE-DE-E1416B8B2E3A}\ not found.
Prefs.js: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812" removed from browser.startup.homepage
Prefs.js: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" removed from sweetim.toolbar.previous.keyword.URL
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1 removed from extensions.enabledItems
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 120995071 bytes
->FireFox cache emptied: 66442349 bytes
->Flash cache emptied: 367334 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
 
User: user
->Temp folder emptied: 1103 bytes
->Temporary Internet Files folder emptied: 27795723 bytes
->Java cache emptied: 101126 bytes
->FireFox cache emptied: 75510990 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 9828168 bytes
 
%systemdrive% .tmp files removed: 230282739 bytes
%systemroot% .tmp files removed: 867465 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 508,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04302013_150551

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
dann 2.

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
user :: JULIA [Administrator]

Schutz: Aktiviert

30.04.2013 15:19:57
mbam-log-2013-04-30 (15-19-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242248
Laufzeit: 10 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
und 3. Eset

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=03bb8ff539302d4c878a7fa653fddf14
# engine=13733
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-01 04:11:08
# local_time=2013-05-01 06:11:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 99 18201 232847958 10962 0
# compatibility_mode=3588 16777213 100 96 55662002 116499003 0 0
# compatibility_mode=5893 16776574 100 85 119863411 119863411 0 0
# scanned=220394
# found=2
# cleaned=0
# scan_time=9324
sh=5A9C0319F37CD9770F67986928109EE8CE1DDCDE ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\ProgramData\qijsslxkrbtjtau\main.html"
sh=5A9C0319F37CD9770F67986928109EE8CE1DDCDE ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\Users\All Users\qijsslxkrbtjtau\main.html"

so 4.

Code:
Results of screen317's Security Check version 0.99.62 
 Windows 7  x86 
 Out of date service pack!!
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security Online 
Avira Desktop                   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 CCleaner (remove only) 
 Java(TM) 6 Update 33 
 Java(TM) 6 Update 3 
 Java(TM) 6 Update 4 
 Java(TM) 6 Update 5 
 Java(TM) 6 Update 7 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player        11.7.700.169 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (for.)
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

und 5. nochma otl^^

Code:
OTL logfile created on: 01.05.2013 18:20:42 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\user\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 41,96% Memory free
5,62 Gb Paging File | 4,32 Gb Available in Paging File | 76,90% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,01 Gb Total Space | 16,04 Gb Free Space | 14,58% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
 
Computer Name: JULIA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\user\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe
PRC - [2012.08.08 20:59:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.02.27 14:20:46 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010.02.27 14:20:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.27 14:20:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.02.27 14:20:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.02.27 14:20:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.02.27 14:20:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.02.27 14:20:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.02.27 14:20:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.02.27 14:20:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.02.27 14:20:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.02.27 14:20:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.02.27 14:20:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.02.27 14:20:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.02.27 14:20:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.02.27 14:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010.02.27 14:20:23 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010.02.27 14:20:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.02.27 14:20:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.02.27 14:20:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.02.27 14:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.02.27 14:20:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.02.27 14:20:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.02.27 14:20:20 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.02.27 14:20:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.02.27 14:20:19 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.02.27 14:20:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.02.27 14:20:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.02.27 14:20:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 06:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll
MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.05 12:58:54 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.06 17:12:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.27 10:48:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.03 15:54:37 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys -- (ccHP)
DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009.10.23 17:03:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.09.11 13:34:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys -- (SymEFA)
DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys -- (SRTSP)
DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys -- (SYMTDI)
DRV - [2009.08.22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys -- (SYMFW)
DRV - [2009.08.22 09:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys -- (SYMNDISV)
DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys -- (SRTSPX)
DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.05.27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.05.27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.05.27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.03.09 07:29:00 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2001.06.07 17:56:38 | 000,018,120 | ---- | M] (  ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ArtecGT.sys -- (SampleScanner)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.26 23:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.27 12:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.03.22 15:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 10:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 10:19:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
 
[2010.02.26 23:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.01 14:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions
[2010.05.02 05:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.29 17:00:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.11.21 23:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.10.14 19:20:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\moveplayer@movenetworks.com
[2013.05.01 14:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\staged
[2012.12.03 22:52:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.05.01 14:25:47 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.01 14:25:59 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.27 10:19:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.05.01 14:25:56 | 000,350,097 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\staged\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2007.11.23 13:11:15 | 000,000,953 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\businesscom.xml
[2013.04.30 15:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.06 17:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.06 17:12:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 18:31:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2013.04.30 10:42:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000..\Run: [LightShot] C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Suche - res://D:\Software\eBayTb.dll/RCSearch.html File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9783C717-B01F-4A76-9322-21990B52AC05}: DhcpNameServer = 192.168.179.20
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.01 15:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.04.30 18:36:24 | 002,347,384 | ---- | C] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2013.04.30 15:17:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013.04.30 15:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.30 15:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.30 15:15:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.30 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.30 15:15:03 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.30 15:05:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.30 10:52:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.30 10:45:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.30 10:42:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2013.04.30 10:29:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.30 10:29:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.30 10:29:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.30 10:28:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.30 10:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.30 10:28:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.30 10:27:22 | 005,061,928 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.01 18:15:54 | 000,890,815 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013.05.01 17:12:45 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013.05.01 14:32:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job
[2013.05.01 11:41:51 | 000,704,038 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.01 11:41:51 | 000,665,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.01 11:41:51 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.01 11:41:51 | 000,126,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.01 11:34:49 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.05.01 11:33:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.01 11:33:37 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 20:24:03 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013.04.30 18:37:02 | 002,347,384 | ---- | M] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2013.04.30 15:15:45 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.30 15:15:25 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.30 10:42:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.30 10:28:22 | 005,061,928 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.04.30 10:18:44 | 000,628,743 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013.04.29 18:25:08 | 000,377,856 | ---- | M] () -- C:\Users\user\Desktop\gmer_2.1.19163.exe
[2013.04.29 18:17:02 | 000,000,498 | ---- | M] () -- C:\Users\user\AppData\Local\UserProducts.xml
[2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.04.29 17:44:19 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable
[2013.04.28 12:58:44 | 000,002,228 | ---- | M] () -- C:\Users\user\Documents\cc_20130428_125837.reg
[2013.04.27 00:48:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 00:48:45 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 18:43:56 | 000,005,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.01 18:15:40 | 000,890,815 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013.04.30 15:15:45 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.30 10:29:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.30 10:29:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.30 10:29:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.30 10:29:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.30 10:29:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.30 10:18:41 | 000,628,743 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013.04.29 18:25:06 | 000,377,856 | ---- | C] () -- C:\Users\user\Desktop\gmer_2.1.19163.exe
[2013.04.29 17:43:32 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable
[2013.04.28 12:58:41 | 000,002,228 | ---- | C] () -- C:\Users\user\Documents\cc_20130428_125837.reg
[2013.01.20 15:42:28 | 000,000,498 | ---- | C] () -- C:\Users\user\AppData\Local\UserProducts.xml
[2012.12.08 22:18:34 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res
[2012.10.26 00:37:04 | 000,009,728 | ---- | C] () -- C:\Users\user\model.wps
[2012.10.23 00:10:22 | 000,128,429 | ---- | C] () -- C:\Users\user\pinsel-atmosphere(19).jpg
[2012.10.23 00:06:45 | 004,388,731 | ---- | C] () -- C:\Users\user\clockwork_thoughts__unpainted__by_ariscene.jpg
[2012.10.22 23:44:58 | 000,106,347 | ---- | C] () -- C:\Users\user\a80395c-large.png
[2012.09.27 23:26:50 | 000,896,773 | ---- | C] () -- C:\Users\user\mmmm.jpg
[2012.09.27 23:16:12 | 000,896,991 | ---- | C] () -- C:\Users\user\Unbenannt-3 Kopie.jpg
[2012.09.27 23:15:49 | 006,926,780 | ---- | C] () -- C:\Users\user\Unbenannt-3.psd
[2012.09.18 15:45:33 | 000,093,949 | ---- | C] () -- C:\Users\user\Unbenannt-1.gif
[2012.09.18 01:37:21 | 001,164,828 | ---- | C] () -- C:\Users\user\Unbenannt-1.psd
[2012.09.13 20:13:22 | 000,544,232 | ---- | C] () -- C:\Users\user\war2g.gif
[2012.09.13 20:01:39 | 009,963,316 | ---- | C] () -- C:\Users\user\Unbenannt-2.psd
[2012.09.13 19:50:59 | 000,521,549 | ---- | C] () -- C:\Users\user\War2.gif
[2012.07.30 03:23:42 | 000,051,200 | ---- | C] () -- C:\Users\user\take2.wps
[2012.07.29 01:48:22 | 000,600,064 | ---- | C] () -- C:\Users\user\take.wps
[2012.07.15 22:30:51 | 000,053,736 | ---- | C] () -- C:\Users\user\407780_352510738106384_524306434_n.jpg
[2012.03.10 15:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.03.04 18:09:53 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.02.26 19:19:55 | 000,000,565 | ---- | C] () -- C:\Users\user\.foobillardrc
[2011.11.13 18:37:01 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011.06.30 13:30:47 | 000,000,867 | ---- | C] () -- C:\Windows\ScnPanel.ini
[2011.06.30 13:19:37 | 000,200,704 | ---- | C] () -- C:\Windows\Ausba3.dll
[2011.06.30 13:19:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Arsetup.dll
[2011.06.30 13:19:37 | 000,018,120 | ---- | C] (  ) -- C:\Windows\System32\drivers\ArtecGT.sys
[2011.06.30 13:19:37 | 000,011,464 | ---- | C] () -- C:\Windows\Dusb3ar.ini
[2011.06.30 13:19:37 | 000,002,638 | ---- | C] () -- C:\Windows\Ausba3.INI
[2011.06.30 13:19:37 | 000,000,282 | ---- | C] () -- C:\Windows\System32\Arsetup.ini
[2011.06.30 13:18:08 | 000,001,704 | ---- | C] () -- C:\Windows\ePlus.ini
[2010.02.27 00:37:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.11.27 15:35:38 | 000,005,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2007.11.23 16:49:34 | 000,038,426 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Access 97-2003.ADR
[2007.11.17 23:12:07 | 000,027,043 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Azureus
[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BitTorrent
[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Lite
[2010.04.13 00:12:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DNA
[2010.02.26 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\GetRightToGo
[2010.02.26 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ
[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Nokia
[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite
[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Smith Micro
[2010.02.26 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Thunderbird
[2010.02.26 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avery
[2010.05.16 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service
[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service GmbH
[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen
[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign
[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\digital publishing
[2013.01.28 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft
[2012.08.06 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2010.06.14 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ
[2010.02.26 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2010.02.26 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX
[2010.06.06 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\McLoad
[2012.02.26 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\md studio
[2010.02.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2012.02.25 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peace Craft
[2012.02.26 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PoBros
[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RVS
[2011.07.18 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smith Micro
[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos AntiSpam 2007
[2010.03.09 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2010.05.08 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft
[2012.08.06 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2010.05.11 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:03271074

< End of report >
Also ich weiß ja nicht was jetzt alles gemacht wurde aber CPU ist "nur" noch zwischen 50 - 80% *tumbs up*

aharonov 01.05.2013 19:57
Hi,

du hast sehr viele veraltete Software installiert (unter anderem mehrere Javas..). Das ist gefährlich - die müssen alle weg. Und es fehlt ein Service Pack..


Schritt 1

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste, kopiere folgenden Text in das Ausführen Fenster
Code:
msiexec.exe /x {63A6E9A9-A190-46D4-9430-2DB28654AFD8}
und drücke OK. Bestätige die Deinstallation.



Schritt 2
  • Gehe bitte zu Start --> Alle Programme --> Windows Update.
  • Klicke dann links auf Nach Updates suchen und warte, bis die Suche beendet ist.
  • Drücke dann auf Updates installieren.
  • Starte nach Beendigung der Installation den Rechner neu auf.
  • Wiederhole diese Schritte, bis keine neuen Updates mehr verfügbar sind.



Schritt 3

Downloade und installiere den Internet Explorer 10.
Der Internet Explorer sollte auch dann aktuell gehalten werden, wenn er nicht zum Surfen verwendet wird.



Schritt 4

Dein Flashplayer im Internet Explorer ist veraltet. Installiere folgendermassen die aktuelle Version:
  • Besuche mit dem Internet Explorer diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.



Schritt 5

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.



Schritt 6

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software (bei Windows XP)
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Schritt 7

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:files
C:\ProgramData\qijsslxkrbtjtau
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 8
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von SecurityCheck

TheDragon80 01.05.2013 22:16
Also schritt 1 will net funzen...

Also erst geht alles gut aber wenn er dann die deinstallation anfangen will kommt ein Fenster dem steht: " This MSI must be launched through setup"

aharonov 01.05.2013 22:23
Ok, dann überspring diesen Schritt und mach weiter.

aharonov 06.05.2013 13:17
Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

TheDragon80 07.05.2013 07:27
hey entschuldige das ich nicht geschrieben habe
war die letzten tage kaum vorm PC aber ein paar schritte hab ich schon erledigt.

aharonov 07.05.2013 11:11
Ok, danke für die Mitteilung.

aharonov 30.05.2013 20:10
Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

aharonov 02.06.2013 15:14
Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:27 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131