Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 07.09.2012, 20:54   #1
break
 
Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen - Standard

Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen



Hi, mein computer wurde gesperrt. Ich benutze diesen Rechner nicht allein. GVU:Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen. 100 € dann läuft er wieder.
Windows 7 Professional 64 bit Service Pack 1
Im Abgesicherten Modus bricht OTL immer ab: win 32 error. Code 6. Das Handle ist ungültig.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.10

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Breakinusa :: BREAKINUSA-PC [Administrator]

Schutz: Deaktiviert

07.09.2012 20:27:37
mbam-log-2012-09-07 (20-45-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291541
Laufzeit: 5 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Breakinusa\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.
C:\Users\Breakinusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
[code]OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.09.2012 20:40:54 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Breakinusa\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,25 Gb Total Physical Memory | 13,35 Gb Available Physical Memory | 87,57% Memory free
30,50 Gb Paging File | 28,83 Gb Available in Paging File | 94,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 205,45 Gb Total Space | 19,13 Gb Free Space | 9,31% Space Free | Partition Type: NTFS
Drive E: | 367,18 Gb Total Space | 58,49 Gb Free Space | 15,93% Space Free | Partition Type: NTFS
Drive F: | 465,64 Gb Total Space | 5,47 Gb Free Space | 1,17% Space Free | Partition Type: FAT32
Drive G: | 23,42 Gb Total Space | 9,49 Gb Free Space | 40,51% Space Free | Partition Type: NTFS
Drive H: | 443,23 Gb Total Space | 0,35 Gb Free Space | 0,08% Space Free | Partition Type: NTFS
Drive I: | 488,28 Gb Total Space | 4,40 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
 
Computer Name: BREAKINUSA-PC | User Name: Breakinusa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Breakinusa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\moz\firefox.exe (Mozilla Corporation)
PRC - E:\Spiele\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\moz\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- E:\Spiele\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vncserver) -- C:\Programme\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (nlsvc) -- C:\Programme\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Norton Ghost) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GenericMount Helper Service) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (Symantec)
SRV - (SymSnapService) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe (Symantec)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Matrox.Pdesk.ServicesHost) -- C:\Program Files (x86)\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe (Matrox Graphics Inc.)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
SRV - (AMDRAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (danewFltr) -- C:\Windows\SysNative\drivers\danew.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RDID1021) -- C:\Windows\SysNative\drivers\Rdwm1021.sys (Roland Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
DRV:64bit: - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:64bit: - (CYUSB) -- C:\Windows\SysNative\drivers\CYUSB.sys (Cypress Semiconductor)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (nltdi) -- C:\Programme\NetLimiter 3\nltdi.sys (Locktime Software)
DRV - (AODDriver2) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (EverestDriver) -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 82 9A 0A 56 0C CB 01  [binary data]
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.22 05:17:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.22 05:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 19:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\moz\components [2012.09.02 21:44:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\moz\plugins [2012.08.15 08:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.01 03:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 08:27:19 | 000,000,000 | ---D | M]
 
[2010.09.23 19:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Breakinusa\AppData\Roaming\mozilla\Extensions
[2012.09.02 23:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Breakinusa\AppData\Roaming\mozilla\Firefox\Profiles\ndy5gbne.default-1346615075439\extensions
[2010.12.10 10:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.20 10:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\moz\extensions
[2012.05.30 17:07:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\moz\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.02 21:44:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\moz\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.09.29 16:51:39 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\mozilla firefox\moz\extensions\afurladvisor@anchorfree.com
[2012.08.26 19:21:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.07.29 12:20:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.29 12:20:50 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.29 12:20:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.29 12:20:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.29 12:20:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2011.03.23 14:41:20 | 000,433,090 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14905 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Spiele\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] E:\Spiele\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Breakinusa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Prog\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Breakinusa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Prog\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Prog\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCFC2562-3C4A-4BB3-9322-07A109F5E506}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.03 04:59:10 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{77588d14-5b81-11df-93a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77588d14-5b81-11df-93a3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
O33 - MountPoints2\{c8ed28f0-5b8d-11df-be95-6cf0490d09c6}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ed28f0-5b8d-11df-be95-6cf0490d09c6}\Shell\AutoRun\command - "" = J:\SetupSeriesA.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.07 20:21:08 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Breakinusa\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.07 20:18:54 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Breakinusa\Desktop\OTL.exe
[2012.09.07 13:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.07 13:20:02 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.07 13:20:02 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.07 13:19:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.07 13:19:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.07 13:19:51 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.07 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Roaming\Malwarebytes
[2012.09.07 11:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.07 11:42:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.07 11:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.07 01:28:31 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\Tracing
[2012.09.05 20:01:48 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{D3DA1CB3-8F3B-4885-9619-060233E8ECD1}
[2012.09.05 02:45:17 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oDC
[2012.09.05 02:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDC
[2012.09.05 02:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\oDC
[2012.09.04 11:15:04 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{860C18EB-0A33-494D-85C7-1F74429AC229}
[2012.09.02 21:44:40 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\Desktop\Alte Firefox-Daten
[2012.09.02 21:43:46 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{71E0C04A-8697-45B5-A1E9-C53959142FB7}
[2012.08.31 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{B93F4806-CAA4-4DCC-AB54-0550B4361BDC}
[2012.08.29 21:23:57 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{75A1080C-523A-4D55-820E-DE6C0BDD8858}
[2012.08.27 08:28:22 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{B573C9CB-BD69-4024-B7BD-F82B4BDFC436}
[2012.08.26 19:06:15 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Roaming\NetMeter
[2012.08.26 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeter
[2012.08.26 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeter
[2012.08.26 03:31:57 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{66A2FBD6-B4EF-48C4-A302-E427A4FDA66F}
[2012.08.24 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{FA3F13A9-7923-471A-9E23-2F5C86A83E1E}
[2012.08.24 07:47:55 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{40BFC28D-AF99-4B4C-AA3A-A58D2EB12AFF}
[2012.08.22 21:09:38 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{9F74F016-E8E7-42F8-AC82-B2879FF57777}
[2012.08.22 08:41:48 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{B32C3D8D-3FDB-4A95-86A9-14F513A465B9}
[2012.08.21 20:41:13 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{11359D32-EC62-43FC-AAC8-2A774200303C}
[2012.08.21 08:40:50 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{7CCB8AF7-7CA7-4676-834C-00282E7E10AC}
[2012.08.20 12:50:33 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{A2D8F246-3F2E-4965-A424-97A182EE3800}
[2012.08.18 17:56:24 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{84FE4C11-B4DF-4FD6-8287-6445923EA20C}
[2012.08.17 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{133390FC-C0B6-4A4F-B227-8610320F5183}
[2012.08.17 22:11:33 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{8968FDA3-ED8A-478A-A5C6-321ABA9335ED}
[2012.08.17 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{6737FDB5-74F9-4F82-AE6B-436CD0185A7C}
[2012.08.17 10:04:49 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{083679BD-CA58-4F90-A1C6-E3EAAC2A46ED}
[2012.08.16 23:39:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 23:39:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 23:39:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 23:39:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 23:39:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 23:39:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 23:39:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 23:39:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 23:39:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 23:39:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 23:39:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 23:39:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 23:39:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 22:04:24 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{D656DBC7-D845-47A5-8F7D-14289BC81998}
[2012.08.16 10:07:17 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.16 10:07:13 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.16 10:07:13 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.16 10:07:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.16 10:07:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 10:07:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 10:07:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 10:07:08 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.16 10:03:50 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{AC63A554-4AE5-4A34-B002-80876703D6F3}
[2012.08.16 10:03:40 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{6A18E0FA-02DE-4106-97BA-F77629CC81D9}
[2012.08.15 10:27:14 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{18AFC135-285F-4DF1-8994-9C43FCC13E79}
[2012.08.15 10:26:53 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{1CA8A596-0F18-48AA-9F64-F419951C1BDB}
[2012.08.14 22:26:28 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{507AFD68-1A04-44B9-A721-20C91C559463}
[2012.08.14 10:25:53 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{02FCBD3C-3415-437D-869D-AF541496C0BC}
[2012.08.14 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\Breakinusa\AppData\Local\{B07D86CC-B086-475A-9193-DE42BB56D262}
[2012.08.13 19:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Napster 5
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.07 20:21:15 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Breakinusa\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.07 20:18:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Breakinusa\Desktop\OTL.exe
[2012.09.07 20:06:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.07 20:05:51 | 3689,799,678 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.07 14:11:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.07 13:19:37 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.07 13:19:36 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.07 13:19:36 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.07 13:19:36 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.07 13:19:36 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.07 13:19:36 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.07 11:42:08 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.07 11:37:45 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.07 11:28:34 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 11:28:34 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 04:19:22 | 000,001,901 | ---- | M] () -- C:\Users\Breakinusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.07 01:54:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.09.06 21:29:55 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.06 21:29:55 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.06 21:29:46 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.09.06 00:00:03 | 000,928,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.06 00:00:03 | 000,712,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.06 00:00:03 | 000,154,618 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.06 00:00:03 | 000,052,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.06 00:00:03 | 000,023,062 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.05 01:18:02 | 000,951,746 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.26 19:06:11 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:13:11 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.08.17 08:28:42 | 005,002,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.16 11:11:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.16 11:11:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.16 10:42:16 | 000,108,090 | ---- | M] () -- C:\Users\Breakinusa\Desktop\aha.jpg
[2012.08.13 19:21:37 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Napster 5.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.07 11:42:08 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.06 23:59:52 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.06 23:59:52 | 000,001,901 | ---- | C] () -- C:\Users\Breakinusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.26 19:06:11 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2012.08.16 10:42:16 | 000,108,090 | ---- | C] () -- C:\Users\Breakinusa\Desktop\aha.jpg
[2012.03.26 16:20:22 | 000,163,976 | ---- | C] () -- C:\Windows\SysWow64\AirfoilInject3.dll
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.05 01:20:32 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.06.07 03:01:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.02 09:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.05.05 01:28:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.27 00:36:52 | 000,000,000 | ---- | C] () -- C:\Windows\PlgEnabler2a.INI
[2011.04.20 14:44:25 | 000,000,551 | ---- | C] () -- C:\Users\Breakinusa\AppData\Roaming\AutoGK.ini
[2011.04.20 11:48:12 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.28 09:54:37 | 000,000,132 | ---- | C] () -- C:\Users\Breakinusa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.02 17:57:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.12.11 18:22:59 | 000,215,799 | ---- | C] () -- C:\ProgramData\LUInstall.LiveUpdate
[2010.10.04 10:13:23 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.21 20:56:38 | 000,007,599 | ---- | C] () -- C:\Users\Breakinusa\AppData\Local\Resmon.ResmonCfg
[2010.05.17 19:01:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.10 17:58:39 | 000,000,098 | ---- | C] () -- C:\Users\Breakinusa\AppData\Local\fusioncache.dat
 
========== LOP Check ==========
 
[2011.03.02 13:58:29 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\.bittorrent
[2011.04.27 23:57:52 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\.minecraft
[2011.10.13 20:26:14 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Ableton
[2011.03.02 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\BlogMatrix
[2012.07.11 12:46:59 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\com.Rhapsody.Napster5
[2010.05.31 14:46:42 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\DAEMON Tools Lite
[2010.05.09 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\DAEMON Tools Pro
[2012.09.07 04:18:00 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Dropbox
[2011.10.15 22:54:50 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\DVDVideoSoft
[2011.10.15 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.07 13:02:11 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Epson
[2012.02.22 23:38:47 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Freudenreich
[2010.05.31 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\GHISLER
[2011.06.12 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\HTC
[2011.06.12 16:19:26 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.04.13 03:24:17 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\ICQ
[2011.03.31 21:08:59 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Jeyo
[2010.05.18 17:01:21 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Leadertech
[2011.01.06 17:12:10 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Local
[2011.02.01 02:06:05 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\LolClient
[2012.09.06 21:11:54 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Mumble
[2012.02.28 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Nemetschek
[2012.08.26 19:11:15 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\NetMeter
[2010.09.16 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\OpenOffice.org
[2012.08.16 22:17:53 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Origin
[2012.02.16 19:10:23 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Outlook
[2011.09.20 14:24:33 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\pdfforge
[2011.09.21 11:37:31 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\POV-Ray
[2011.04.14 09:49:20 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\PunkBuster
[2011.09.12 18:07:22 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Razer
[2011.04.13 16:32:41 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.04.27 01:04:06 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Steinberg
[2011.03.16 14:12:43 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\streamripper
[2012.03.14 18:15:56 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\TeamViewer
[2011.03.31 16:11:05 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\The Creative Assembly
[2010.12.11 17:29:45 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Thinstall
[2012.03.01 22:54:09 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\TrueCrypt
[2012.07.27 02:53:20 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\TS3Client
[2010.05.10 18:00:29 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\Turbine
[2012.09.07 04:08:44 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\uTorrent
[2012.03.30 13:34:32 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\VST3 Presets
[2011.04.14 03:32:57 | 000,000,000 | ---D | M] -- C:\Users\Breakinusa\AppData\Roaming\XMedia Recode
[2012.08.13 19:20:59 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\com.Rhapsody.Napster5
[2011.08.22 09:27:11 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Epson
[2011.08.22 09:27:20 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\HTC
[2012.09.03 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\OpenOffice.org
[2012.07.02 15:42:55 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.06 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\TeamViewer
[2012.09.05 19:59:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
Und schon mal danke an jeden der sich damit beschäftigt!

Ursache war wohl eine veraltete Java-Version

Warum beendet OTL den scan bei der stelle:scanning spybot - search and destroy event log.
win 32 error. code 6. das handle ist ungültig?

Geändert von break (07.09.2012 um 21:03 Uhr)

Alt 08.09.2012, 19:36   #2
t'john
/// Helfer-Team
 
Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen - Standard

Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} 
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 
IE - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;;*.local 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found 
O4 - HKLM..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" File not found 
O4 - HKU\S-1-5-21-3492267845-2144503037-1421300598-1001..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2012.03.03 04:59:10 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ] 
O33 - MountPoints2\{77588d14-5b81-11df-93a3-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{77588d14-5b81-11df-93a3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe 
O33 - MountPoints2\{c8ed28f0-5b8d-11df-be95-6cf0490d09c6}\Shell - "" = AutoRun 
O33 - MountPoints2\{c8ed28f0-5b8d-11df-be95-6cf0490d09c6}\Shell\AutoRun\command - "" = J:\SetupSeriesA.exe 
O33 - MountPoints2\D\Shell - "" = AutoRun 
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\install.exe 
 
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
[2012.09.07 11:37:45 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad 
[2012.09.07 04:19:22 | 000,001,901 | ---- | M] () -- C:\Users\Breakinusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.09.07 01:54:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt 
 
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Breakinusa\AppData\Local\{*}
C:\Users\Breakinusa\AppData\Local\Temp\*.exe
C:\Users\Breakinusa\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________

__________________

Alt 27.10.2012, 04:44   #3
t'john
/// Helfer-Team
 
Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen - Standard

Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
__________________

Antwort

Themen zu Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen
antivirus, autorun, avast, bho, bonjour, browser, computer, converter, excel, explorer, firefox, flash player, format, freude, gesperrt, helper, helper.exe, homepage, hotspot, langs, launch, logfile, monitor, mozilla, mp3, nvidia update, plug-in, realtek, registry, software, symantec, temp, wgsdgsdgdsgsd.exe



Ähnliche Themen: Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen


  1. Windows Vista, kurze Einblendung auf Bildschirm, mit Text: zu viele Klicks, wird gespeichert zwecks Verfolgung
    Log-Analyse und Auswertung - 31.08.2013 (6)
  2. ihr computer ist gesperrt
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (1)
  3. Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (18)
  4. Gesellschaft Zur Verfolgung und Urheberrechtsverletzung - komme nicht in den Abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 01.08.2013 (7)
  5. computer gesperrt von GVU
    Plagegeister aller Art und deren Bekämpfung - 22.06.2013 (2)
  6. GVU - Computer ist gesperrt
    Plagegeister aller Art und deren Bekämpfung - 02.03.2013 (14)
  7. Rechner gesperrt - "Polizei - Ihr Computer wurde gesperrt"
    Log-Analyse und Auswertung - 12.02.2013 (5)
  8. Ihr Computer ist gesperrt GVU
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (17)
  9. Computer ist gesperrt - GVU
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (30)
  10. Ihr Computer ist gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (1)
  11. Bundestrojaner Variante: "Ihr Computer wurde gesperrt"; " Ihr Computer wurde durch das Speichern der autom. Informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 25.11.2012 (10)
  12. BKA Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (8)
  13. GVU Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (21)
  14. Computer gesperrt mit der Nachricht: Der Computer ist für die Verletzung der BRD wurde bockiert!
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (6)
  15. Computer gesperrt mit der Nachricht: Der Computer ist für die Verletzung der BRD wurde bockiert!
    Antiviren-, Firewall- und andere Schutzprogramme - 29.07.2012 (1)
  16. DHL-Verfolgung - e-Mail Trojaner - Windows 7 Schwer Befallen
    Plagegeister aller Art und deren Bekämpfung - 22.05.2012 (20)
  17. DHL-Verfolgung - e-Mail Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (5)

Zum Thema Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen - Hi, mein computer wurde gesperrt. Ich benutze diesen Rechner nicht allein. GVU:Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen. 100 € dann läuft er wieder. Windows 7 Professional 64 bit Service Pack 1 - Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen...
Archiv
Du betrachtest: Computer gesperrt : GVU : Gesellsachaft zur Verfolgung von Urheberrechtsverletzungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.