
Pests of all kinds and how to fight them: Windows Security Center cannot be started / GVU Trojan (among other things (?))


 
29.03.2013, 17:04   #1
e11even
 
Windows Security Center cannot be started / GVU Trojan (among other things (?))



Hello,

I am asking for help because I have picked up malware. No AV had been installed. Thanks in advance. I will donate to the forum, and I will stick with the thread and not run off halfway through, as some people here do. :-)

I have already tinkered around on my own (possibly a mistake. Sorry).

Macrium images exist from 3 days before and 3 days after the GVU Trojan infection. The PC may, however, already have been compromised by something else before that.

System: Win 7 Prof 32-bit OEM.

1. Unlocked the PC with the Kaspersky Rescue CD, i.e. among other things reverted the modifications named at hxxp://forum.tuts4you.com/topic/31087-reversing-malware-questions/:
- deleted runctf.lnk
- corrected the registry keys regarding the modified IE security zones,
or rather set the Internet security options (advanced + zones) all to maximum security (I now use the latest Opera version anyway, please ignore old browsers).
- the above reversing thread obviously does not cover all problems, though (Security Center)
- note on the symptoms: the GVU screen with webcam (whose hardware driver was disabled on my machine, although it probably only serves to intimidate anyway)

2. Scanned with Kaspersky Internet Security 2013 (medium heuristic level, all files and partitions)

HEUR:Trojan.Win32.Generic
HEUR:Exploit.Java.CVE-2012-1723.gen
Exploit.Java.CVE-2012-1723.hz
Trojan-Downloader.JS.DarDuk.lb
Exploit.Win32.CVE-2011-3402.b
HEUR:Trojan.Win32.Generic <- false positive, was a legitimate program
Trojan.Win32.Agent.hwml
Trojan-Ransom.Win32.Foreign.atza
Trojan-PSW.Win32.Tepfer.hhvu (I know, data/password theft; I don't know whether that is separate or part of the GVU Trojan)

The corresponding files all exist in quarantine and I can send them to you if needed. I can also look up the possibly more exact names on VirusTotal.

I have changed my e-mail and banking passwords and currently use Kaspersky's on-screen mouse keyboard to enter passwords.

**MAIN PROBLEM**: the Security Center cannot be activated. I have searched around but found no clear solution for this case. I want to keep using the system after a cleanup despite the residual risk, and I am asking for help reactivating the services (?) that were trashed (presumably via the registry?).

The service is set to "Automatic" but is not started.
-> When you click Start: "The Security Center service on Local Computer could not be started. Error 1068: The dependency service or group failed to start." But under "Dependencies" no entries appear..!

The same happens, e.g., with "Windows Management Instrumentation" (presumably that is the main cause?):

(...could not be started...) Error 126: The specified module could not be found.

I ran an integrity check of the Windows installation via cmd (I don't remember the command anymore). It completed successfully. I don't know whether this helps here:
- hxxp://support.microsoft.com/kb/2519899/de
- hxxp://www.techsupportforum.com/forums/f217/solved-cant-start-security-center-error-1068-a-681588.html
- Or whether the GVU Trojan removal tool from bitlocker fixes the problem. Kaspersky doesn't even NOTICE that the Security Center is disabled, let alone repair it.

In general, it seems the configuration of the services on the system needs to be checked.

Oddly, the Windows Firewall appears as started, even though the Security Center isn't working. Perhaps the missing Security Center means it isn't detected that the Kaspersky firewall is also running.

I have also already run tdsskiller.exe, aswMBR.exe, and Malwarebytes over it, and nothing more was found now.
I still have to review the detailed logs before posting. Please tell me what you want.

I also installed the WMI Diagnosis utility but can't make anything of it (because VBS):
hxxp://www.tomshardware.co.uk/forum/252102-44-security-center-service-working

----------------------------

1. defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:41 on 28/03/2013 (<username>)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

2. OldTimer: http://www.trojaner-board.de/85104-o...-oldtimer.html

Since there is an error in your guide (http://www.trojaner-board.de/69886-a...-beachten.html) and extras.txt is not created, I did another run not with Quick Scan but with Scan:

- Scan (not Quick)
- Use SafeList (6x)
- Minimal output
- All users
- 30 days
- no: vendor whitelist, no: skip Microsoft, yes: use NoCompany whitelist
- LOP yes, Purity yes.

((annoying: a (misconfigured) OTL scan can only be aborted by killing the OTL process. And: output otl.txt files overwrite the previous ones instead of being renamed, so the user may lose edited texts.))

3. GMER

Today I ran GMER with the configuration recommended by Trojaner-Board:

unchecked: IAT/EAT
drives: checked only C:\
ADS: checked
show all: unchecked
3rd party: unchecked

Result (NOTE: all logs were slightly edited by me (username, deletion of some definitely safe entries (paths of (clean) programs I installed that not everyone needs to know)):

GMER Logfile:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-28 20:14:23
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_MMDPE56GFDXP-MVB rev.VBM25S1Q 238,47GB
Running: gmer_2.1.19155.exe; Driver: c:\_me\system\temp\uxldipow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwAdjustPrivilegesToken [0x8A36D208]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwAlpcConnectPort [0x8A320FB8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwAlpcCreatePort [0x8A321300]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwAlpcSendWaitReceivePort [0x8A321746]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwClose [0x8A30991E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwConnectPort [0x8A320C92]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreateEvent [0x8A309E96]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreateMutant [0x8A309D7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreatePort [0x8A321164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreateSection [0x8A370072]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreateSemaphore [0x8A309FB6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreateThread [0x8A36F50A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreateThreadEx [0x8A36F74A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreateUserProcess [0x8A36F1AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwCreateWaitablePort [0x8A321232]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwDebugActiveProcess [0x8A36F054]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwDeviceIoControlFile [0x8A309962]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwDuplicateObject [0x8A36D34A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwLoadDriver [0x8A36CFB2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwMapViewOfSection [0x8A36FE6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwNotifyChangeKey [0x8A31F422]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwOpenEvent [0x8A309F2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwOpenMutant [0x8A309E0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwOpenProcess [0x8A36EBFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwOpenSection [0x8A37031E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwOpenSemaphore [0x8A30A04C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwOpenThread [0x8A36F266]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwQueryDirectoryObject [0x8A30A0D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwQueryObject [0x8A31F630]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwQueueApcThread [0x8A36FD20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwReplyPort [0x8A32152A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwReplyWaitReceivePort [0x8A3213B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwReplyWaitReceivePortEx [0x8A32146E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwRequestWaitReplyPort [0x8A32159A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwResumeThread [0x8A36FA4C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwSecureConnectPort [0x8A320E20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwSetContextThread [0x8A36FBA8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwSetInformationToken [0x8A30A178]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwSetSystemInformation [0x8A36D0BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwSuspendProcess [0x8A36ED9C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwSuspendThread [0x8A36F8F4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwSystemDebugControl [0x8A30A18A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwTerminateProcess [0x8A36EEFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwTerminateThread [0x8A36F406]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwUnmapViewOfSection [0x8A370486]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                                                                                                   ZwWriteVirtualMemory [0x8A3701B0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                                                                                                                               8308A8D9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                  830AF312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 250                                                                                                                                                                                     830B6B10 4 Bytes  [08, D2, 36, 8A]
.text           ntkrnlpa.exe!RtlSidHashLookup + 278                                                                                                                                                                                     830B6B38 8 Bytes  [B8, 0F, 32, 8A, 00, 13, 32, ...]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2BC                                                                                                                                                                                     830B6B7C 4 Bytes  [46, 17, 32, 8A]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2E8                                                                                                                                                                                     830B6BA8 4 Bytes  [1E, 99, 30, 8A]
.text           ntkrnlpa.exe!RtlSidHashLookup + 30C                                                                                                                                                                                     830B6BCC 4 Bytes  [92, 0C, 32, 8A]
.text           ...                                                                                                                                                                                                                     
.text           c:\Program Files\CyberLink\PowerDVD9\000.fcl                                                                                                                                                                            section is writeable [0x8FDC5000, 0x2892, 0xE8000020]
.vmp2           c:\Program Files\CyberLink\PowerDVD9\000.fcl                                                                                                                                                                            entry point in ".vmp2" section [0x8FDE8050]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\Explorer.EXE[1812] Explorer.EXE                                                                                                                                                                              00EC25BC 4 Bytes  [06, 7F, 03, 6C] {PUSH ES; JG 0x6; INS BYTE [ES:EDI], DX}
.text           C:\Windows\Explorer.EXE[1812] Explorer.EXE                                                                                                                                                                              00EC2828 4 Bytes  [2E, 7F, 03, 6C] {JG 0x6 ;NOT TAKEN; INS BYTE [ES:EDI], DX}
.text           C:\Windows\Explorer.EXE[1812] Explorer.EXE                                                                                                                                                                              00EC2848 4 Bytes  [56, 7F, 03, 6C] {PUSH ESI; JG 0x6; INS BYTE [ES:EDI], DX}
.text           C:\Windows\Explorer.EXE[1812] Explorer.EXE                                                                                                                                                                              00EC2850 4 Bytes  [1A, 7F, 03, 6C] {SBB BH, [EDI+0x3]; INS BYTE [ES:EDI], DX}
.text           C:\Windows\Explorer.EXE[1812] Explorer.EXE                                                                                                                                                                              00EC2870 8 Bytes  [42, 7F, 03, 6C, 6A, 7F, 03, ...]
.text           ...                                                                                                                                                                                                                     
?               c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2044] C:\Windows\SYSTEM32\ntdll.dll                                                                                                             time/date stamp mismatch; 
.text           c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2044] ntdll.dll!NtProtectVirtualMemory                                                                                                          76E65000 5 Bytes  JMP 6D791A54 c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
?               c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2044] C:\Windows\system32\kernel32.dll                                                                                                          time/date stamp mismatch; unknown module: KERNELBASE.dll
.text           c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2044] user32.dll!NotifyWinEvent + 48B                                                                                                           76F9F724 4 Bytes  [53, 2A, 79, 6D] {PUSH EBX; SUB BH, [ECX+0x6d]}
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3952] C:\Windows\SYSTEM32\ntdll.dll                                                                                                             time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3952] ntdll.dll!NtProtectVirtualMemory                                                                                                          76E65000 5 Bytes  JMP 6D791A54 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3952] C:\Windows\system32\kernel32.dll                                                                                                          time/date stamp mismatch; unknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3952] user32.dll!NotifyWinEvent + 48B                                                                                                           76F9F724 4 Bytes  [53, 2A, 79, 6D] {PUSH EBX; SUB BH, [ECX+0x6d]}

---- Devices - GMER 2.1 ----

Device                                                                                                                                                                                                                                  Ntfs.sys

AttachedDevice                                                                                                                                                                                                                          tdrpm273.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                                                                 wtfilter.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                                                                 kltdi.sys

Device                                                                                                                                                                                                                                  volmgr.sys

AttachedDevice                                                                                                                                                                                                                          fltmgr.sys

Device                                                                                                                                                                                                                                  USBSTOR.SYS

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                                                                                 wtfilter.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                                                                                 kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                                                                                               kltdi.sys

Device                                                                                                                                                                                                                                  exfat.SYS

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys@                                                                                                                                                    Driver
Reg             HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys@                                                                                                                                                    Driver
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214ffaf46c                                                                                                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60380e0521cf                                                                                                                                             
Reg             HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Wdf01000.sys@                                                                                                                                                        Driver
Reg             HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\Wdf01000.sys@                                                                                                                                                        Driver
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214ffaf46c (not active ControlSet)                                                                                                                         
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60380e0521cf (not active ControlSet)                                                                                                                         
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents@                                                                                                                                                  
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL                                                                                                                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@                                                                                                                                            
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed                                                                                                                                   1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI                                                                                                                                              
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@                                                                                                                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed                                                                                                                                    1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange                                                                                                                                     1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS                                                                                                                                              
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@                                                                                                                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed                                                                                                                                    1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                                                                                                   
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODI05.00.00.01PRO                                                                                                                                                
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\Acronis One-Click Backup.lnk  1
Reg             HKCU\Software\Microsoft\Windows Live Mail@SqmSrvSuccessCount POP3                                                                                                                                                       2601

---- Files - GMER 2.1 ----

File            C:\wmidiag                                                                                                                                                                                                              0 bytes
File            C:\wmidiag\WMIDiag.doc                                                                                                                                                                                                  777293 bytes
File            C:\wmidiag\WMIDiag.vbs                                                                                                                                                                                                  4576330 bytes
File            C:\wmidiag\WMIDiag.xls                                                                                                                                                                                                  551424 bytes
<<<<<<<<<--------funny that the WMI diagnostic tool from MS that I just downloaded shows up here
---- EOF - GMER 2.1 ----
         
--- --- ---
OTL Logfile:

OTL logfile created on: 28.03.2013 16:36:53 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = ...
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 21,76% Memory free
3,98 Gb Paging File | 1,70 Gb Available in Paging File | 42,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 190,43 Gb Total Space | 144,11 Gb Free Space | 75,68% Space Free | Partition Type: NTFS
Drive D: | 30,01 Gb Total Space | 15,92 Gb Free Space | 53,05% Space Free | Partition Type: exFAT
Drive E: | 119,05 Gb Total Space | 81,49 Gb Free Space | 68,45% Space Free | Partition Type: exFAT
Drive S: | 100,00 Mb Total Space | 67,05 Mb Free Space | 67,05% Space Free | Partition Type: NTFS
Drive Z: | 41,16 Gb Total Space | 18,96 Gb Free Space | 46,06% Space Free | Partition Type: NTFS
 
Computer Name: alöksdjflajfd | User Name: alkdjflasfdd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
###################  unspecified processes generally belong to the legitimate parental control 
###################  programs "ChildWebGuardian" and "ComputerTime" 

PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wtwatch.exe () 
PRC - C:\Windows\System32\wstw.exe ()
PRC - C:\Windows\System32\fltw.exe ()
PRC - C:\Program Files\ChildWebGuardian PRO\CwAgent.exe ()
PRC - C:\Program Files\ChildWebGuardian PRO\ContentWasher.exe (Zimin IP)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe (SoftwareTime, LLC)
PRC - C:\Program Files\SoftwareTime\ComputerTime\bin\stka32.exe (SoftwareTime, LLC)
PRC - C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe (SoftwareTime, LLC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe (Firebird Project)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXe (CANON INC.)
PRC - C:\Program Files\Apoint2K\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\OneClickInternet\WTGService.exe ()
PRC - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSony.exe (QUALCOMM, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mmc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mblctr.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Java\jre7\bin\jp2native.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a97f4e39d47dc3d5098150a8b14a9662\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\2d8c2161957e5003fd15a7c0acb97928\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc5e4099db0d68c2d4da4749e4b8d127\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\428143857fa1c250d50ec55132dd8a2f\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\fbe1fc6847e7ddff51482f2b779c168f\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5f9559fafc4b40e11e429d67152746be\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\612bad9f3a4f378c9c09cbb7460e3a93\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files\ChildWebGuardian PRO\CwAgent.exe ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Windows\System32\tw_libeay32.dll ()
MOD - C:\Windows\System32\tw_libssl32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\4.0.0.4200__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\4.0.0.4200__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\System32\pcrelib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU ()

 
========== Services (SafeList) ==========
 
SRV - (Winmgmt) -- c:\_me\system\temp\2pszi2ki80.dll File not found  <- that was a virus
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File not found   (caused CPU problems)
SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (watchtw) -- C:\Windows\System32\wtwatch.exe () 
SRV - (WebServTw) -- C:\Windows\System32\wstw.exe ()
SRV - (wtflserv) -- C:\Windows\System32\fltw.exe ()
SRV - (AVP) -- c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
SRV - (STProxy) -- C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe (SoftwareTime, LLC)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ComputerTimeServer) -- C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe (Firebird Project)
SRV - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (WTGService) -- C:\Program Files\OneClickInternet\WTGService.exe ()
SRV - (QDLService2kSony) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSony.exe (QUALCOMM, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (uxldipow) -- c:\_me\system\temp\uxldipow.sys File not found  <- ?
DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found <- leftover from parental control, apparently
DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
DRV - (MpKsl81823dad) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0AD13EE-C89E-4863-B5A4-80CB82F4D01C}\MpKsl81823dad.sys File not found
DRV - (cpuz130) -- c:\_me\system\temp\cpuz130\cpuz_x32.sys File not found <- ?
DRV - (PSVolAcc) -- C:\Windows\System32\drivers\PSVolAcc.sys (Paramount Software UK Ltd)
DRV - (pssnap) -- C:\Windows\System32\drivers\pssnap.sys (Macrium Software)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (wtfilter) -- C:\Windows\System32\drivers\wtfilter.sys (NetFilterSDK.com)
DRV - (PSMounterEx) -- C:\Windows\System32\drivers\psmounterex.sys ()
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (PSMounter) -- C:\Windows\System32\drivers\psmounter.sys (Macrium Software)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys () <- probably MiniTool?
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys (Symantec Corporation)
DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (rspUndeluxe) -- C:\Windows\System32\drivers\rspUnd32.sys (Resplendence Software Projects Sp.)
DRV - (FARMNTIO) -- C:\Windows\System32\drivers\FarMntIo.sys ()
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (phylock) -- C:\Windows\System32\drivers\phylock.sys (TeraByte, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- c:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (qcusbnetsny2k) -- C:\Windows\System32\drivers\qcusbnetsny2k.sys (QUALCOMM Incorporated)
DRV - (qcusbsersny2k) -- C:\Windows\System32\drivers\qcusbserSny2k.sys (QUALCOMM Incorporated)
DRV - (qcfilterSny2k) -- C:\Windows\System32\drivers\qcfilterSny2k.sys (QUALCOMM Incorporated)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.live.com
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{02D08EFA-C55A-4D57-95CB-6408A701ECE8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={F9DF2862-BD70-4B34-BBCB-AA2D9D1CB299}&mid=9e3f806d935f47d0b910d154fc5ae2de-73174264ed9c2878b3f27495b9aba94c1325d8cb&lang=en&ds=AVG&pr=fr&d=2012-05-13 23:41:05&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=DE&ver=2
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms}
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\SearchScopes\{CBC39FF2-842D-45F7-B212-6ED603EBE510}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=QBLH&filt=all
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.5
FF - prefs.js..keyword.URL: "hxxp://search.searchcompletion.com/?bs=1&si=10211&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\LSNPAPI: C:\Program Files\nplightshot\3.2.0.0\npLightshot.dll (Skillbrains)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2010.02.19 22:36:35 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\users\alkdjflasfdd\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\users\alkdjflasfdd\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.26\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files\AusweisApp\mozilla\AusweisApp_FFxx_Win [2011.09.14 16:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2013.03.28 01:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.21 16:48:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.03.19 22:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.03.19 22:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.03.19 22:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.03.19 22:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.03.19 22:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.18 14:51:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 16:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 2\components [2012.09.08 23:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugins [2012.11.21 16:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: Z:\Program Files\Mozilla Firefox 5\components [2012.09.08 23:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: Z:\Program Files\Mozilla Firefox 5\plugins [2012.11.21 16:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.25 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012.02.01 23:43:43 | 000,000,000 | ---D | M]
 
[2010.12.22 11:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Extensions
[2010.11.28 10:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.01.07 14:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Firefox\extensions
[2010.01.07 14:51:46 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2013.02.24 16:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Firefox\Profiles\txesgi80.default\extensions
[2011.05.06 16:02:04 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\Firefox\Profiles\txesgi80.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2013.02.24 16:19:07 | 000,185,839 | ---- | M] () (No name found) -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\firefox\profiles\txesgi80.default\extensions\stealthyextension@gmail.com.xpi
[2011.08.04 00:24:31 | 000,002,449 | ---- | M] () -- C:\users\alkdjflasfdd\AppData\Roaming\mozilla\firefox\profiles\txesgi80.default\searchplugins\safesearch.xml
[2013.03.10 22:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.03 18:48:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.02 12:29:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.11.21 16:48:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.18 14:51:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.13 22:40:57 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.12.18 14:51:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.06 16:02:03 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
[2012.12.18 14:51:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll
CHR - plugin: IE Tab Multi (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\plugin/npietab.dll
CHR - plugin: IE Tab Multi (SPA) (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\plugin/npietabspa.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.9.1_0\plugin/blackfishietab.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\Application\plugins\npqtplugin6.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Lightshot (Enabled) = C:\Program Files\nplightshot\1.7.0.25\npLightshot.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\users\alkdjflasfdd\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google-Suche = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Complitly plugin for chrome = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.1.2_0\
CHR - Extension: AdBlock = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: IE Tab = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\4.2.22.2_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Stealthy = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0\
CHR - Extension: Virtuelle Tastatur = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Downloads = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_1\
CHR - Extension: Shortcut Manager = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjjeipcdnnjhgodgjpfkffcejoljijf\0.7.9_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Keyconfig = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\okneonigbfnolfkmfgjmaeniipdjkgkl\1.13.1_0\
CHR - Extension: Google Mail = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\users\alkdjflasfdd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

### Don't be surprised: in the following I have also deleted a few entries that are *definitely* safe (legitimate, harmless programs such as notepad replacements etc.)
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - No CLSID value found.
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\users\alkdjflasfdd\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [*ctmn32] C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe (SoftwareTime, LLC)
O4 - HKLM..\Run: [APC] C:\Program Files\Advanced Parental Control\BackProcessAPC.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] c:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\system32\cc32\webtmr.exe File not found               <- this is a leftover from a parental control software
O4 - HKLM..\Run: [ChildWebGuardian PRO Agent] C:\Program Files\ChildWebGuardian PRO\CwAgent.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Helper] C:\Windows\System32\config\systemprofile\AppData\Local\PackSetup.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [jia] C:\Windows\System32\config\systemprofile\AppData\Local\yps.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Helper] C:\Windows\System32\config\systemprofile\AppData\Local\PackSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [jia] C:\Windows\System32\config\systemprofile\AppData\Local\yps.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003..\RunOnce: [*ctmn32] C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe (SoftwareTime, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 65010687
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 24
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WRP = 0
O7 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Clear Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Download by FlashGet3 - C:\users\alkdjflasfdd\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Reset Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..Trusted Domains: ebay.de ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..Trusted Domains: facebook.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-467424403-2663338904-3135116938-1003\..Trusted Domains: facebook.de ([]* in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {503F5F92-794F-4273-824E-A3EDF65BFAA4} hxxp://downloads.reiner-sct.de/owok/plugins/rsct_owok_ie-2004.cab (OWOK)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02510786-FD86-46E9-AAB5-D608272861E1}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9280B973-8F6E-421B-A41A-C9927DAD6993}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{58da06e0-090d-11df-a2b5-001dbabdcad9}\Shell - "" = AutoRun
O33 - MountPoints2\{58da06e0-090d-11df-a2b5-001dbabdcad9}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.20 23:40:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.19 22:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.03.19 22:01:02 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.03.19 22:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.19 22:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.03.19 21:59:14 | 000,589,144 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013.03.19 21:59:14 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys
[2013.03.19 03:22:57 | 000,000,000 | ---D | C] -- C:\users\alkdjflasfdd\AppData\Roaming\QuickScan
[2013.03.15 15:24:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.15 15:24:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.15 15:24:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.15 15:24:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.15 15:24:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.15 15:24:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.15 15:24:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.15 15:24:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.10 23:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.10 22:59:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 22:59:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 22:59:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 22:59:28 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

(sensitive but harmless information deleted from the list below)

[2013.03.28 17:13:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.28 16:54:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013.03.28 16:53:02 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 16:53:02 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 16:29:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-467424403-2663338904-3135116938-1003UA.job
[2013.03.28 16:23:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.28 16:11:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-467424403-2663338904-3135116938-1003UA.job
[2013.03.28 15:45:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-467424403-2663338904-3135116938-1003.job
[2013.03.28 15:00:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.28 13:41:08 | 000,000,000 | ---- | M] () -- C:\users\alkdjflasfdd\defogger_reenable
[2013.03.28 01:41:19 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.28 01:40:56 | 2136,928,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.27 22:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-467424403-2663338904-3135116938-1003Core.job
[2013.03.27 19:55:08 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for me.job
[2013.03.27 19:29:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-467424403-2663338904-3135116938-1003Core.job
[2013.03.19 11:32:04 | 000,123,366 | ---- | M] () -- C:\ProgramData\1363688951.492.bin
[2013.03.19 11:32:04 | 000,038,517 | ---- | M] () -- C:\ProgramData\1363688951.5172.bin
[2013.03.19 11:31:10 | 000,008,946 | ---- | M] () -- C:\ProgramData\1363688951.5324.bin
[2013.03.19 11:30:14 | 000,009,322 | ---- | M] () -- C:\ProgramData\1363688951.3744.bin
[2013.03.19 11:29:56 | 000,004,717 | ---- | M] () -- C:\ProgramData\1363688951.3984.bin
[2013.03.19 11:29:38 | 000,001,090 | ---- | M] () -- C:\ProgramData\1363688951.5540.bin
[2013.03.19 11:29:38 | 000,001,090 | ---- | M] () -- C:\ProgramData\1363688951.5236.bin
[2013.03.19 11:29:34 | 000,013,837 | ---- | M] () -- C:\ProgramData\1363688951.3960.bin
[2013.03.19 11:29:34 | 000,000,783 | ---- | M] () -- C:\ProgramData\1363688951.2744.bin
[2013.03.19 11:29:28 | 000,002,276 | ---- | M] () -- C:\ProgramData\1363688951.2124.bin
[2013.03.19 03:23:41 | 000,109,352 | ---- | M] () -- C:\ProgramData\1363659262.7388.bin
[2013.03.19 03:23:41 | 000,059,640 | ---- | M] () -- C:\ProgramData\1363659262.2828.bin
[2013.03.19 03:23:11 | 000,010,418 | ---- | M] () -- C:\ProgramData\1363659262.7724.bin
[2013.03.19 03:23:11 | 000,004,718 | ---- | M] () -- C:\ProgramData\1363659262.10224.bin
[2013.03.19 03:22:53 | 000,001,091 | ---- | M] () -- C:\ProgramData\1363659262.10228.bin
[2013.03.19 03:22:41 | 000,001,091 | ---- | M] () -- C:\ProgramData\1363659262.10232.bin
[2013.03.19 03:20:09 | 000,008,927 | ---- | M] () -- C:\ProgramData\1363659262.7564.bin
[2013.03.19 03:19:35 | 000,014,774 | ---- | M] () -- C:\ProgramData\1363659262.10220.bin
[2013.03.19 03:19:35 | 000,000,783 | ---- | M] () -- C:\ProgramData\1363659262.8224.bin
[2013.03.19 03:19:17 | 000,002,277 | ---- | M] () -- C:\ProgramData\1363659262.10148.bin
[2013.03.18 18:43:51 | 095,023,320 | ---- | M] () -- C:\ProgramData\(zufallsstring).pad <----- this belongs to the GVU trojan, 90 MB file, is now no longer harmful (renamed/quarantined)
[2013.03.18 14:26:39 | 000,629,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.18 14:26:39 | 000,595,198 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.18 14:26:39 | 000,120,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.18 14:26:39 | 000,099,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.10 22:59:06 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.10 22:59:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.10 22:59:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.10 22:59:05 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 22:59:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 22:59:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========

(sensitive but harmless information deleted from the list below)

[2013.03.28 13:41:08 | 000,000,000 | ---- | C] () -- C:\users\alkdjflasfdd\defogger_reenable
[2013.03.19 11:29:33 | 000,008,946 | ---- | C] () -- C:\ProgramData\1363688951.5324.bin
[2013.03.19 11:29:33 | 000,000,783 | ---- | C] () -- C:\ProgramData\1363688951.2744.bin
[2013.03.19 11:29:32 | 000,013,837 | ---- | C] () -- C:\ProgramData\1363688951.3960.bin
[2013.03.19 11:29:32 | 000,004,717 | ---- | C] () -- C:\ProgramData\1363688951.3984.bin
[2013.03.19 11:29:32 | 000,001,090 | ---- | C] () -- C:\ProgramData\1363688951.5540.bin
[2013.03.19 11:29:32 | 000,001,090 | ---- | C] () -- C:\ProgramData\1363688951.5236.bin
[2013.03.19 11:29:27 | 000,002,276 | ---- | C] () -- C:\ProgramData\1363688951.2124.bin
[2013.03.19 11:29:15 | 000,038,517 | ---- | C] () -- C:\ProgramData\1363688951.5172.bin
[2013.03.19 11:29:14 | 000,009,322 | ---- | C] () -- C:\ProgramData\1363688951.3744.bin
[2013.03.19 11:29:11 | 000,123,366 | ---- | C] () -- C:\ProgramData\1363688951.492.bin
[2013.03.19 03:19:32 | 000,008,927 | ---- | C] () -- C:\ProgramData\1363659262.7564.bin
[2013.03.19 03:19:32 | 000,000,783 | ---- | C] () -- C:\ProgramData\1363659262.8224.bin
[2013.03.19 03:19:31 | 000,014,774 | ---- | C] () -- C:\ProgramData\1363659262.10220.bin
[2013.03.19 03:19:31 | 000,004,718 | ---- | C] () -- C:\ProgramData\1363659262.10224.bin
[2013.03.19 03:19:31 | 000,001,091 | ---- | C] () -- C:\ProgramData\1363659262.10232.bin
[2013.03.19 03:19:31 | 000,001,091 | ---- | C] () -- C:\ProgramData\1363659262.10228.bin
[2013.03.19 03:19:16 | 000,002,277 | ---- | C] () -- C:\ProgramData\1363659262.10148.bin
[2013.03.19 03:14:27 | 000,059,640 | ---- | C] () -- C:\ProgramData\1363659262.2828.bin
[2013.03.19 03:14:25 | 000,010,418 | ---- | C] () -- C:\ProgramData\1363659262.7724.bin
[2013.03.19 03:14:22 | 000,109,352 | ---- | C] () -- C:\ProgramData\1363659262.7388.bin
[2013.03.18 18:31:28 | 095,023,320 | ---- | C] () -- C:\ProgramData\(zufallsstring).pad <----------- see above
[2013.01.11 20:28:20 | 000,150,276 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.10.10 12:38:48 | 001,743,870 | ---- | C] () -- C:\Windows\System32\tw_libeay32.dll
[2012.10.10 12:38:48 | 000,379,675 | ---- | C] () -- C:\Windows\System32\tw_libssl32.dll
[2012.10.10 12:38:46 | 001,963,416 | ---- | C] () -- C:\Windows\System32\cwcom.dll
[2012.10.10 12:38:46 | 001,076,632 | ---- | C] () -- C:\Windows\System32\wtwatch.exe
[2012.10.10 12:38:44 | 001,743,256 | ---- | C] () -- C:\Windows\System32\wstw.exe
[2012.09.25 15:31:50 | 000,054,464 | ---- | C] () -- C:\Windows\System32\drivers\psmounterex.sys
[2012.09.10 15:02:46 | 000,355,328 | ---- | C] () -- C:\Windows\System32\wlsppc.dll
[2012.07.23 00:26:57 | 000,221,184 | ---- | C] () -- C:\Windows\System32\pcrelib.dll
[2012.07.23 00:26:56 | 000,100,272 | ---- | C] () -- C:\Windows\System32\nfapi.dll
[2012.07.23 00:26:52 | 001,446,808 | ---- | C] () -- C:\Windows\System32\fltw.exe
[2012.07.22 22:43:01 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll
[2012.07.22 22:43:00 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2012.07.19 15:18:41 | 000,000,056 | RHS- | C] () -- C:\ProgramData\{F473AA6F-9069-4CB7-MB39-1493E6C46CAB}
[2012.07.06 21:57:48 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.20 00:49:10 | 000,000,711 | ---- | C] () -- C:\Windows\asfbinwin.INI
[2012.02.27 16:08:07 | 000,296,944 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Local\census.cache
[2012.02.27 16:07:46 | 000,171,238 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Local\ars.cache
[2012.02.27 15:48:40 | 000,000,036 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Local\housecall.guid.cache
[2012.01.27 15:08:26 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2012.01.02 01:13:41 | 000,074,240 | ---- | C] () -- C:\Windows\System32\zlibwapi.dll
[2011.12.12 17:00:42 | 000,002,952 | ---- | C] () -- C:\Windows\System32\STProxy.ini
[2011.12.12 17:00:42 | 000,001,664 | ---- | C] () -- C:\Windows\System32\STProxyOff.ini
[2011.12.11 01:35:13 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2011.11.21 22:40:24 | 000,037,888 | RHS- | C] () -- C:\Program Files\Common Files\{4510A67B-004C-D2M7-1196-BCF980168200}
[2011.07.11 18:32:34 | 000,000,163 | ---- | C] () -- C:\Windows\System32\StartClock.ini
[2011.06.27 12:39:39 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.06.07 00:41:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.05.27 15:32:21 | 000,001,280 | ---- | C] () -- C:\Windows\System32\excltmp~.dat
[2011.05.20 14:05:59 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2011.05.14 17:07:26 | 000,000,040 | ---- | C] () -- C:\ProgramData\STAnalyzer.ini
[2011.05.14 17:07:18 | 000,266,240 | ---- | C] () -- C:\ProgramData\STServer.mdb
[2011.05.14 17:07:18 | 000,002,832 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Roaming\D000A8E2.DAT
[2011.05.14 17:04:39 | 000,000,140 | ---- | C] () -- C:\ProgramData\95016.G06
[2011.05.14 16:07:11 | 000,000,169 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011.05.06 16:49:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.05.06 16:49:16 | 000,000,141 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.04.27 23:51:04 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 23:51:04 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 23:51:03 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.25 21:49:26 | 000,084,480 | ---- | C] () -- C:\Windows\tbicd2hd.exe      <-terabyte
[2011.02.20 16:12:54 | 000,000,232 | ---- | C] () -- C:\users\alkdjflasfdd\powerpad.conf
[2010.04.18 01:36:21 | 000,001,948 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.06 03:46:40 | 000,000,676 | RHS- | C] () -- C:\users\alkdjflasfdd\ntuser.pol
[2009.12.21 14:20:47 | 000,007,640 | ---- | C] () -- C:\users\alkdjflasfdd\AppData\Local\resmon.resmoncfg
[2003.10.06 09:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========

(I removed a few definitely legitimate programs from this section for clarity)

[2009.12.21 15:23:52 | 000,000,000 | -HSD | M] -- C:\users\alkdjflasfdd\AppData\Roaming\.#
[2011.03.27 09:44:09 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\0AAFBEAB-806A-4CB2-91ED-5B06F11BDC01
[2011.03.29 15:46:34 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\23824715-F1D8-413E-A842-23DB1B743056
[2011.03.27 09:43:38 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\2CCFC51D-ABFA-4CEE-81D1-F0CF4F89D6FD
[2011.03.29 16:05:56 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\2D6E7029-FB78-496D-8D6C-4C5E9BE468F0
[2011.03.25 13:41:49 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\3A30ED3B-F6BB-46A1-BECF-21D7D6B0AF2D
[2011.03.29 15:46:35 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\40DCE393-547D-4A3C-8A2B-701C21058180
[2011.03.27 10:08:41 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\517A32DC-2FC9-4699-B88F-3FD3E52E2D45
[2011.03.25 13:41:53 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\57CD4456-A8BD-472C-96D5-0378F0EA7691
[2011.03.29 14:48:02 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\64CBEA9A-AF3D-4E1A-9FFB-745CABBCBFE7
[2011.03.26 22:18:43 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\68690F77-3C16-4C37-ABBB-2B2DE37C3851
[2011.03.29 16:06:10 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\6C3A9949-C2EF-476E-A7BE-80B310A28001
[2011.03.29 15:46:19 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\7991C204-B839-4F91-A1A0-DED062A123B0
[2011.03.29 16:06:36 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\7AA7CF54-B9D5-4779-97E5-E9E21635CB2D
[2011.03.29 14:50:03 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\7B2F5210-797C-4085-9FB4-C6BE67FAF64D
[2011.03.25 14:02:57 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\7D31E6A3-E6BA-4F5D-83E4-BCC7DE840E36
[2011.03.27 10:08:58 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\8EF34282-138A-4146-924B-BAF1C4157DE6
[2011.03.25 14:02:57 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\97092951-9D48-49DC-AA49-5E29FC7AF5C3
[2011.03.29 14:49:35 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\AA0E6BB3-9286-470C-A974-032542C2EDAD
[2010.05.17 15:42:08 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Acronis
[2012.12.14 00:01:24 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\BITS
[2011.06.23 19:58:36 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Canneverbe Limited
[2010.12.25 13:00:37 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Chrome
[2011.03.26 22:18:43 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\D0F4A3CB-6F66-4381-B579-D00EF59B4CF5
[2011.03.27 10:08:58 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\DED3B6FB-54C1-4B32-8A35-4B0F32E6564A
[2012.12.12 23:12:24 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Downloaded Installations
[2011.02.18 11:41:07 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Echo Software
[2012.07.19 19:42:17 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Ethervane
[2012.07.02 23:31:45 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\EurekaLog
[2011.03.27 09:44:09 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\FB5D50EE-9B7D-4B6C-8B48-457FFB113AF8
[2011.11.28 14:26:54 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\FMA
[2011.06.16 22:27:18 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Leadertech
[2011.06.26 14:29:55 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Notebook Hardware Control
[2012.11.21 01:47:30 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Opera
[2013.03.19 03:22:57 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\QuickScan
[2011.03.01 13:32:05 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\SoftGrid Client
[2012.03.18 03:13:25 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Softplicity
[2012.10.19 12:56:58 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\TeamViewer
[2012.10.19 14:39:42 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\temp
[2012.04.12 12:25:32 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Tencent
[2011.05.14 17:04:39 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\tfw
[2011.03.25 12:44:49 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\TheWorld
[2011.07.11 13:46:33 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Thunderbird
[2011.08.14 23:21:28 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\Tific
[2011.02.28 20:56:24 | 000,000,000 | ---D | M] -- C:\users\alkdjflasfdd\AppData\Roaming\TP


========== Purity Check ==========
  
 
========== Files - Unicode (All) ==========
[2011.03.24 16:13:28 | 000,000,986 | ---- | M] ()(C:\Users\Public\Desktop\???? 3.lnk) -- C:\Users\Public\Desktop\世界之窗 3.lnk <- TheWorld browser, legitimate software
[2011.03.24 16:13:28 | 000,000,986 | ---- | C] ()(C:\Users\Public\Desktop\???? 3.lnk) -- C:\Users\Public\Desktop\世界之窗 3.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\世界之窗浏览器
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 4800 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates <- Directory Opus, as far as I know. Legitimate entry.
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:5294C449
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:424C5130
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:25D885FA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >
         
--- --- ---

[/CODE]

OTL Extras log:

-> Attached as a file because of the post's character limit.

To everyone who helps: THANK YOU!!! If you find a guide anywhere for reactivating Windows Management Instrumentation / Security Center -> please post it...
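As an added example that is not part of the original post (and not OTL's or any other tool's code): a PowerShell check for the three Windows 7 services behind the Security Center. It reads the service configuration from the registry and repairs it with sc.exe rather than through WMI, because on a machine where Winmgmt itself will not start, `Get-WmiObject Win32_Service` fails on exactly the box being fixed. The service names and the expected start types are the Windows 7 defaults and are the only assumption; run it from an elevated prompt.

```powershell
# Added example, not code from the original post or from OTL: check and restore the
# Windows 7 services behind the Security Center without going through WMI, because
# WMI (Winmgmt) is one of the components reported as not starting. Run elevated.
# Assumption: the expected start types below are the Windows 7 defaults for these
# three services; adjust if your build differs.

# Registry 'Start' values: 2 = Automatic, 3 = Manual, 4 = Disabled (what malware sets).
$expected = @{
    'RpcSs'   = @{ Start = 2; Delayed = $false }   # RPC endpoint; the others depend on it
    'Winmgmt' = @{ Start = 2; Delayed = $false }   # Windows Management Instrumentation
    'wscsvc'  = @{ Start = 2; Delayed = $true  }   # Security Center: Automatic (Delayed Start)
}

function Get-ServiceConfigFromRegistry {
    param([string]$Name)
    # Read the configuration from HKLM directly: this still works when WMI is broken,
    # whereas Get-WmiObject Win32_Service would fail on the very box we are fixing.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }
    $p = Get-ItemProperty -Path $key
    $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Name       = $Name
        Start      = [int]$p.Start
        Delayed    = ([int]$p.DelayedAutostart -eq 1)
        ImagePath  = $p.ImagePath
        ServiceDll = $params.ServiceDll   # should live under %SystemRoot%\System32
    }
}

function Repair-SecurityCenterServices {
    $report = @()
    foreach ($name in 'RpcSs', 'Winmgmt', 'wscsvc') {        # dependency order
        $cfg = Get-ServiceConfigFromRegistry -Name $name
        if ($cfg -eq $null) {
            $report += "$name : service key missing; sc.exe cannot recreate it"
            continue
        }
        # Anything not under System32 deserves a look before the service is re-enabled.
        $report += "$name : ImagePath=$($cfg.ImagePath) ServiceDll=$($cfg.ServiceDll)"
        $want = $expected[$name]
        if ($cfg.Start -ne $want.Start -or $cfg.Delayed -ne $want.Delayed) {
            $mode = if ($want.Delayed) { 'delayed-auto' } else { 'auto' }
            # sc.exe talks to the Service Control Manager, not WMI. The space after
            # 'start=' is required by sc.exe's argument syntax.
            & sc.exe config $name start= $mode | Out-Null
            $report += "$name : Start was $($cfg.Start) (delayed=$($cfg.Delayed)); set to $mode"
        }
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -ne 'Running') {
            Start-Service -Name $name -ErrorAction SilentlyContinue
            $report += "$name : start attempted, now $((Get-Service -Name $name).Status)"
        }
    }
    $report
}

function Test-WmiRepository {
    # winmgmt.exe checks its own repository. If it reports the repository as
    # inconsistent, run 'winmgmt /salvagerepository' first; '/resetrepository' rebuilds
    # it from scratch and drops third-party provider registrations, so use it last.
    $out = & winmgmt.exe /verifyrepository 2>&1
    return ($out -join ' ')
}

Repair-SecurityCenterServices
Test-WmiRepository
# Once Winmgmt and wscsvc are up, the Security Center's own WMI namespace answers.
# On this machine an empty result is expected: no AV product was installed.
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
```

Read the ImagePath/ServiceDll lines of the report before trusting a service that has just been re-enabled: a service DLL outside System32 means the service, not just its start type, was tampered with, and re-enabling it would start the replacement. If Winmgmt still refuses to start after its start type is back to Automatic, the WMI repository itself is the next suspect, which is what the `winmgmt` check is for.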
