Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.06.2012, 19:18   #1
Mäuschens
 
GVU Trojaner? - Standard

GVU Trojaner?



Hallo,

ich glaube ich habe diesen GVU Trojaner eingefangen!!

Da steht das ich irgendwelchen Kinderpornos geguckt haben soll und das gegen gesetzt xy verstößt und ich 100€ per paysafecard zahlen soll und dann mein Laptop innerhalb von 1-72 stunden wieder freigeschaltet wird.

Ich hab auch schon Malwarebytes Anti-Malware im Abgesicherten Modus runtergeladen und gescannt aber er zeigt mir kein Virus an.

Was jetzt jemand eine Idee??

Danke im Vorraus

Alt 30.06.2012, 19:19   #2
markusg
/// Malware-holic
 
GVU Trojaner? - Standard

GVU Trojaner?



hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 30.06.2012, 20:02   #3
Mäuschens
 
GVU Trojaner? - Standard

GVU Trojaner?



Hab nur das hier (sorry hab nicht soviel Ahnung davon):



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.06.2012 19:56:32 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\PIT\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 3,23 Gb Available Physical Memory | 81,03% Memory free
7,96 Gb Paging File | 7,33 Gb Available in Paging File | 92,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,15 Gb Total Space | 395,82 Gb Free Space | 87,54% Space Free | Partition Type: NTFS
Drive D: | 6,87 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PIT-VAIO | User Name: PIT | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\PIT\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE                      )
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0E7CEFC7-9BA2-4D9A-AD55-3D16D2DF28F6}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{C85A5C06-05BD-4771-B952-6BE3AD121981}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{DE8FEEB7-1CF1-4671-A393-DC1F43B8DF51}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\PIT\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\PIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\PIT\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\PIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\PIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\PIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF6AE0F7-3A69-4D27-968C-3CC9060159D8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.25 23:19:27 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2011.09.25 23:19:27 | 003,809,416 | R--- | M] (Electronic Arts Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.09.25 23:19:27 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6c654468-b79c-11e0-a6d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c654468-b79c-11e0-a6d9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011.09.25 23:19:27 | 003,809,416 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.30 19:26:16 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\PIT\Desktop\OTL.exe
[2012.06.30 18:36:21 | 000,000,000 | R--D | C] -- C:\Users\PIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.06.30 17:35:39 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Roaming\Malwarebytes
[2012.06.30 17:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.30 17:35:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 17:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.30 17:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.30 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\ElevatedDiagnostics
[2012.06.26 19:47:34 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Downloader
[2012.06.26 19:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Downloader
[2012.06.25 12:45:21 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\Sony Corporation
[2012.06.25 12:19:14 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\Microsoft Games
[2012.06.21 08:39:56 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 08:39:56 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 08:39:55 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 08:39:44 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 08:39:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 08:39:44 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 08:39:29 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 08:39:29 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.20 21:31:53 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\{70513C18-7B64-4176-BB1D-33C8065A77C6}
[2012.06.20 21:14:17 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\Programs
[2012.06.20 21:11:41 | 000,000,000 | ---D | C] -- C:\Users\PIT\Documents\WebCam Media
[2012.06.14 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\{4799C0C8-8F8F-4472-8C02-EF21A21C4418}
[2012.06.13 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2012.06.13 17:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.06.13 17:41:08 | 000,000,000 | ---D | C] -- C:\Sierra
[2012.06.13 12:01:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 12:01:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 12:01:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 12:01:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 12:01:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 12:01:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 12:01:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 12:01:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 12:01:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 12:01:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 12:01:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 12:01:11 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 12:01:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 10:37:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 10:37:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 10:37:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 10:37:28 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 10:37:28 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 10:37:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 10:37:24 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 10:37:21 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 10:37:21 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.13 10:31:46 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\{B3A0BA82-ACEF-48DA-8CFC-C8CCF50CE0F6}
[2012.06.12 23:21:38 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\{6BE67411-39F9-4FB8-ABB3-2A05CF465781}
[2012.06.12 23:20:10 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\Windows Live
[2012.06.12 23:20:10 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\{7E1AB17F-FB07-42F4-B1E0-E4C155739FAF}
[2012.06.12 23:19:42 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\{EDCD741A-31C8-4185-9A26-5DB22655D520}
[2012.06.12 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Roaming\Windows Live Writer
[2012.06.12 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\Windows Live Writer
[2012.06.12 17:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503
[2012.06.12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ANNO 1503
[2012.06.12 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.06.12 17:10:46 | 000,505,104 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2012.06.12 17:10:44 | 000,089,360 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2012.06.12 17:10:44 | 000,028,432 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxmlr.dll
[2012.06.12 17:10:44 | 000,026,088 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlinst.exe
[2012.06.12 17:10:44 | 000,024,576 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.06.12 17:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubi Soft
[2012.06.12 17:10:32 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2012.06.12 17:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2012.06.12 17:08:29 | 000,000,000 | ---D | C] -- C:\BlueByte
[2012.06.12 17:08:05 | 000,305,664 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2012.06.12 16:56:53 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Local\ArcSoft
[2012.06.12 16:56:14 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Roaming\ArcSoft
[2012.06.12 16:56:13 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2012.06.12 16:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
[2012.06.12 16:53:33 | 000,114,688 | ---- | C] (ITE Tech. Inc.) -- C:\Windows\SysNative\IRMonitor.exe
[2012.06.12 16:53:33 | 000,049,152 | ---- | C] (ITE Technologies, Inc.) -- C:\Windows\SysWow64\AF9100EX.dll
[2012.06.12 16:53:33 | 000,049,152 | ---- | C] (ITE Technologies, Inc.) -- C:\Windows\SysNative\AF9100EX.dll
[2012.06.12 16:53:30 | 000,113,280 | ---- | C] (ITE                      ) -- C:\Windows\SysNative\drivers\IT9135BDA.sys
[2012.06.05 16:29:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.06.05 10:37:39 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.05 10:37:39 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.04 22:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.06.04 22:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.06.04 22:33:37 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.06.04 22:15:25 | 000,000,000 | ---D | C] -- C:\Users\PIT\Documents\FUSSBALL MANAGER 12
[2012.06.04 21:58:06 | 000,000,000 | ---D | C] -- C:\Users\PIT\AppData\Roaming\Avira
[2012.06.04 21:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA SPORTS
[2012.06.04 21:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.04 21:52:38 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.04 21:52:38 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.04 21:52:38 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.04 21:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.04 21:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.04 21:36:53 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.30 19:26:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\PIT\Desktop\OTL.exe
[2012.06.30 19:22:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.30 19:22:23 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 18:58:45 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.06.30 18:57:33 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.30 17:57:30 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.30 17:57:30 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.30 17:57:30 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.30 17:57:30 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.30 17:57:30 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.30 17:35:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.30 16:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.30 16:21:00 | 000,001,877 | ---- | M] () -- C:\Users\PIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.30 15:50:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.30 12:52:03 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.30 12:32:29 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 12:32:29 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:48:42 | 000,001,095 | ---- | M] () -- C:\Users\PIT\Desktop\Game Downloader.lnk
[2012.06.26 08:43:07 | 000,020,480 | ---- | M] () -- C:\Users\PIT\Desktop\Rechnung_0000008301029364_1246204959.pdf
[2012.06.25 12:29:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.25 12:29:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.14 20:26:53 | 006,517,133 | ---- | M] () -- C:\Users\PIT\Desktop\M7_wYBkEMjU.mp3
[2012.06.14 20:24:30 | 007,195,063 | ---- | M] () -- C:\Users\PIT\Desktop\Breathe Carolina  Blackout Music Video.mp3
[2012.06.14 20:21:35 | 005,925,554 | ---- | M] () -- C:\Users\PIT\Desktop\Loreen - Euphoria (Lyrics).mp3
[2012.06.14 20:19:40 | 006,748,683 | ---- | M] () -- C:\Users\PIT\Desktop\R.I.O. feat. Nicco - Party Shaker (Official Video HD).mp3
[2012.06.13 17:48:51 | 000,001,537 | ---- | M] () -- C:\Users\Public\Desktop\EE-ZDE.lnk
[2012.06.13 17:46:06 | 000,000,415 | ---- | M] () -- C:\Windows\SIERRA.INI
[2012.06.13 17:44:14 | 000,001,637 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2012.06.13 16:01:01 | 000,297,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 17:27:45 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\ANNO 1503 spielen.lnk
[2012.06.12 16:56:11 | 000,002,016 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
[2012.06.12 16:56:11 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia 3.5.lnk
[2012.06.12 16:53:30 | 000,114,688 | ---- | M] (ITE Tech. Inc.) -- C:\Windows\SysNative\IRMonitor.exe
[2012.06.12 16:53:30 | 000,113,280 | ---- | M] (ITE                      ) -- C:\Windows\SysNative\drivers\IT9135BDA.sys
[2012.06.12 16:53:30 | 000,049,152 | ---- | M] (ITE Technologies, Inc.) -- C:\Windows\SysWow64\AF9100EX.dll
[2012.06.12 16:53:30 | 000,049,152 | ---- | M] (ITE Technologies, Inc.) -- C:\Windows\SysNative\AF9100EX.dll
[2012.06.12 16:53:30 | 000,000,126 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2012.06.08 22:17:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.04 21:52:46 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.30 17:35:34 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.30 16:21:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.30 16:21:00 | 000,001,877 | ---- | C] () -- C:\Users\PIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.26 19:48:42 | 000,001,095 | ---- | C] () -- C:\Users\PIT\Desktop\Game Downloader.lnk
[2012.06.26 08:43:04 | 000,020,480 | ---- | C] () -- C:\Users\PIT\Desktop\Rechnung_0000008301029364_1246204959.pdf
[2012.06.14 20:26:38 | 006,517,133 | ---- | C] () -- C:\Users\PIT\Desktop\M7_wYBkEMjU.mp3
[2012.06.14 20:24:25 | 007,195,063 | ---- | C] () -- C:\Users\PIT\Desktop\Breathe Carolina  Blackout Music Video.mp3
[2012.06.14 20:21:23 | 005,925,554 | ---- | C] () -- C:\Users\PIT\Desktop\Loreen - Euphoria (Lyrics).mp3
[2012.06.14 20:19:33 | 006,748,683 | ---- | C] () -- C:\Users\PIT\Desktop\R.I.O. feat. Nicco - Party Shaker (Official Video HD).mp3
[2012.06.13 17:48:51 | 000,001,537 | ---- | C] () -- C:\Users\Public\Desktop\EE-ZDE.lnk
[2012.06.13 17:44:14 | 000,001,637 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2012.06.13 17:41:08 | 000,000,415 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.06.12 17:27:45 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\ANNO 1503 spielen.lnk
[2012.06.12 17:10:44 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.06.12 17:10:44 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.06.12 17:10:44 | 000,035,840 | R--- | C] () -- C:\Windows\SysWow64\comdlg32.oca
[2012.06.12 17:10:44 | 000,029,184 | R--- | C] () -- C:\Windows\SysWow64\MSINET.oca
[2012.06.12 16:56:11 | 000,002,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
[2012.06.12 16:56:11 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia 3.5.lnk
[2012.06.12 16:53:33 | 000,000,126 | ---- | C] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2012.06.08 22:17:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.05 10:37:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.04 21:52:46 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.08 10:29:44 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.12.08 10:29:44 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.12.08 10:29:03 | 000,000,000 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2011.12.08 10:27:40 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.12.08 10:27:37 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.12.08 10:27:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011.12.08 10:26:57 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011.02.11 01:03:27 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2011.11.24 10:35:26 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\Canon
[2011.12.08 10:33:25 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\ControlCenter4
[2011.10.06 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\elsterformular
[2011.12.08 10:21:46 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\Nuance
[2011.10.05 09:14:32 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\ProtectDisc
[2012.06.25 20:11:39 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\SoftGrid Client
[2011.10.10 19:08:25 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\Telefónica
[2011.10.05 12:54:28 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\TP
[2012.06.12 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\PIT\AppData\Roaming\Windows Live Writer
[2012.06.12 13:41:25 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
[/TABLE]
__________________

Alt 02.07.2012, 21:35   #4
markusg
/// Malware-holic
 
GVU Trojaner? - Standard

GVU Trojaner?



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.07.2012, 13:55   #5
Mäuschens
 
GVU Trojaner? - Standard

GVU Trojaner?



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-02.01 - PIT 03.07.2012  13:45:31.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.3432 [GMT 2:00]
ausgeführt von:: c:\users\PIT\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\IsUn0407.exe
c:\windows\SysWow64\AF9100EX.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-03 bis 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-07-03 11:50 . 2012-07-03 11:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-30 15:35 . 2012-06-30 15:35	--------	d-----w-	c:\users\PIT\AppData\Roaming\Malwarebytes
2012-06-30 15:35 . 2012-06-30 15:35	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-30 15:35 . 2012-06-30 15:35	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-30 15:35 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-30 15:25 . 2012-06-30 15:25	--------	d-----w-	c:\users\PIT\AppData\Local\ElevatedDiagnostics
2012-06-26 17:47 . 2012-06-26 17:47	--------	d-----w-	c:\program files (x86)\Game Downloader
2012-06-25 10:45 . 2012-06-25 10:45	--------	d-----w-	c:\users\PIT\AppData\Local\Sony Corporation
2012-06-25 10:19 . 2012-06-25 10:19	--------	d-----w-	c:\users\PIT\AppData\Local\Microsoft Games
2012-06-21 06:39 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 06:39 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 06:39 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 06:39 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 06:39 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 06:39 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 06:39 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 06:39 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 06:39 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-20 19:14 . 2012-06-20 19:14	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen
2012-06-20 19:14 . 2012-06-20 19:14	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Anwendungsdaten
2012-06-20 19:14 . 2012-06-20 19:14	--------	d-----w-	c:\users\PIT\AppData\Local\Programs
2012-06-13 15:44 . 2012-06-13 15:44	--------	d-----w-	c:\program files (x86)\directx
2012-06-13 15:41 . 2012-06-13 15:46	--------	d-----w-	C:\Sierra
2012-06-13 08:37 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-12 21:20 . 2012-06-12 21:21	--------	d-----w-	c:\users\PIT\AppData\Local\Windows Live
2012-06-12 21:19 . 2012-06-12 21:19	--------	d-----w-	c:\users\PIT\AppData\Local\Windows Live Writer
2012-06-12 21:19 . 2012-06-12 21:19	--------	d-----w-	c:\users\PIT\AppData\Roaming\Windows Live Writer
2012-06-12 15:24 . 2012-06-12 15:27	--------	d-----w-	c:\program files (x86)\ANNO 1503
2012-06-12 15:23 . 2002-12-05 12:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-06-12 15:23 . 2002-12-02 13:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-06-12 15:23 . 2002-12-02 11:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-06-12 15:23 . 2002-12-02 11:33	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-06-12 15:23 . 2002-12-02 11:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-06-12 15:23 . 2002-12-05 12:12	692224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-06-12 15:23 . 2012-06-12 15:23	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-06-12 15:23 . 2012-06-12 15:23	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-06-12 15:10 . 2001-05-04 10:05	505104	----a-r-	c:\windows\SysWow64\msxml.dll
2012-06-12 15:10 . 2002-06-17 06:25	26088	----a-r-	c:\windows\SysWow64\xmlinst.exe
2012-06-12 15:10 . 2002-04-24 11:43	35840	----a-r-	c:\windows\SysWow64\comdlg32.oca
2012-06-12 15:10 . 2002-04-09 16:23	29184	----a-r-	c:\windows\SysWow64\MSINET.oca
2012-06-12 15:10 . 2002-01-07 15:30	24576	----a-r-	c:\windows\SysWow64\msxml3a.dll
2012-06-12 15:10 . 2001-05-04 10:05	28432	----a-r-	c:\windows\SysWow64\msxmlr.dll
2012-06-12 15:10 . 2000-03-17 07:21	36864	----a-r-	c:\windows\SysWow64\xmlparse.dll
2012-06-12 15:10 . 2000-03-17 07:21	69632	----a-r-	c:\windows\SysWow64\xmltok.dll
2012-06-12 15:10 . 1998-06-17 23:00	89360	----a-r-	c:\windows\SysWow64\VB5DB.DLL
2012-06-12 15:10 . 2012-06-12 15:10	--------	d-----w-	c:\program files (x86)\Ubi Soft
2012-06-12 15:08 . 2012-06-12 15:10	--------	d-----w-	C:\BlueByte
2012-06-12 14:56 . 2012-06-12 14:56	--------	d-----w-	c:\users\PIT\AppData\Local\ArcSoft
2012-06-12 14:56 . 2012-06-20 19:16	--------	d-----w-	c:\users\PIT\AppData\Roaming\ArcSoft
2012-06-12 14:56 . 2006-11-14 09:31	22784	----a-w-	c:\windows\SysWow64\drivers\afc.sys
2012-06-12 14:53 . 2012-06-12 14:53	49152	----a-w-	c:\windows\system32\AF9100EX.dll
2012-06-12 14:53 . 2012-06-12 14:53	126	----a-w-	c:\windows\system32\AF15IRTBL.bin
2012-06-12 14:53 . 2012-06-12 14:53	114688	----a-w-	c:\windows\system32\IRMonitor.exe
2012-06-12 14:53 . 2012-06-12 14:53	113280	----a-w-	c:\windows\system32\drivers\IT9135BDA.sys
2012-06-05 14:29 . 2012-06-05 14:29	--------	d-----w-	c:\windows\system32\Macromed
2012-06-05 08:37 . 2012-06-25 10:29	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-05 08:37 . 2012-06-25 10:29	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-04 20:34 . 2012-06-04 20:34	--------	d-----w-	c:\programdata\EA Core
2012-06-04 20:34 . 2012-06-04 20:35	--------	d-----w-	c:\programdata\Electronic Arts
2012-06-04 20:33 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2012-06-04 19:54 . 2012-06-04 19:54	--------	d-----w-	c:\program files (x86)\EA SPORTS
2012-06-04 19:36 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-06-04 19:36 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-06-04 19:36 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-06-04 19:36 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-06-04 19:35 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-06-04 19:35 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-06-04 19:35 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-04 19:35 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-06-04 19:35 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-28 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-6-12 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-31 146592]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-31 75936]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2010-10-28 189776]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-11-11 199600]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 250056]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-31 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-03-31 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-31 259232]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-03-31 109216]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-03-31 166048]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-31 59040]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-03-31 283296]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-31 287392]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 136176]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2012-06-12 113280]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-12-28 12800]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2009-02-03 12800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-29 173160]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-29 335464]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-03-31 29344]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-29 425064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 10:29]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 12:02]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 12:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ebay.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.178.1
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-03  13:52:11
ComboFix-quarantined-files.txt  2012-07-03 11:52
.
Vor Suchlauf: 14 Verzeichnis(se), 425.457.897.472 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 425.714.765.824 Bytes frei
.
- - End Of File - - EC61B8C290EC73E43C471C0AD5A451C8
         
--- --- ---


Alt 03.07.2012, 17:11   #6
markusg
/// Malware-holic
 
GVU Trojaner? - Standard

GVU Trojaner?



hi
gibts noch probleme?
lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
--> GVU Trojaner?

Alt 09.07.2012, 10:41   #7
Mäuschens
 
GVU Trojaner? - Standard

GVU Trojaner?



keine probleme mehr


ActiveX контрола на Windows Live Mesh за отдалечени връзкиMicrosoft Corporation20.05.20115,57MB15.4.5722.2
ActiveX-kontroll för fjärranslutningar för Windows Live MeshMicrosoft Corporation20.05.20115,37MB15.4.5722.2
Adobe AIRAdobe Systems Inc.20.05.2011 2.5.1.17730
Adobe Flash Player 11 ActiveXAdobe Systems Incorporated08.06.20126,00MB11.3.300.257
Adobe Flash Player 11 PluginAdobe Systems Incorporated25.06.20126,00MB11.3.300.262
Adobe Reader X MUIAdobe Systems Incorporated20.05.2011470MB10.0.0
Alps Pointing-device for VAIOALPS ELECTRIC CO., LTD.20.05.2011  
ArcSoft Magic-i Visual Effects 2ArcSoft26.07.201169,5MB2.0.1.142
ArcSoft TotalMedia 3.5ArcSoft12.06.2012 3.5.28.322
ArcSoft WebCam Companion 4ArcSoft20.06.201281,3MB4.0.21.484
Babylon toolbar on IE 03.07.2012  
BabylonObjectInstallerBabylon Ltd03.07.20122,05MB2.0.0.2
Bing BarMicrosoft Corporation04.07.201226,8MB7.0.850.0
Blue Byte Game ChannelUbiSoft12.06.2012  
Bluetooth Win7 Suite (64)Atheros Communications20.05.201174,2MB7.3.0.95
Brother MFL-Pro Suite MFC-J6510DWBrother Industries, Ltd.08.12.2011 1.0.20.0
Canon Easy-WebPrint EX 05.10.2011  
Canon Inkjet Printer/Scanner/Fax Extended Survey Program 05.10.2011  
Canon Kurzwahlprogramm 05.10.2011  
Canon MP Navigator EX 3.1 05.10.2011  
Canon MX870 series Benutzerregistrierung 05.10.2011  
Canon MX870 series MP Drivers 05.10.2011  
Canon Utilities Easy-PhotoPrint EX 05.10.2011  
Canon Utilities My Printer 05.10.2011  
Canon Utilities Solution Menu 05.10.2011  
CCleanerPiriform22.06.2012 3.20
Conexant HD AudioConexant20.05.2011 8.54.0.53
Control ActiveX Windows Live Mesh pentru conexiuni la distanțăMicrosoft Corporation20.05.20115,37MB15.4.5722.2
Controlo ActiveX do Windows Live Mesh para Ligações RemotasMicrosoft Corporation20.05.20115,38MB15.4.5722.2
Contrôle ActiveX Windows Live Mesh pour connexions à distanceMicrosoft Corporation20.05.20115,37MB15.4.5722.2
ElsterFormularLandesfinanzdirektion Thüringen06.10.2011 12.4.0.7094u
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnychMicrosoft Corporation20.05.20115,37MB15.4.5722.2
FUSSBALL MANAGER 12Electronic Arts04.06.20126,56GB1.0.0.0
Google ChromeGoogle Inc.09.10.2011 20.0.1132.47
Google EarthGoogle22.11.201192,7MB6.1.0.5001
Intel(R) Control CenterIntel Corporation20.05.2011 1.2.1.1007
Intel(R) Management Engine ComponentsIntel Corporation20.05.2011 7.0.0.1144
Intel(R) Rapid Storage TechnologyIntel Corporation20.05.2011 10.0.0.1046
Java(TM) 6 Update 22Oracle20.05.201197,0MB6.0.220
Java(TM) 6 Update 22 (64-bit)Oracle20.05.201190,6MB6.0.220
Malwarebytes Anti-Malware Version 1.61.0.1400Malwarebytes Corporation30.06.201218,0MB1.61.0.1400
Microsoft .NET Framework 4 Client ProfileMicrosoft Corporation11.02.201138,8MB4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language PackMicrosoft Corporation20.05.20112,93MB4.0.30319
Microsoft .NET Framework 4 ExtendedMicrosoft Corporation11.02.201151,9MB4.0.30319
Microsoft .NET Framework 4 Extended DEU Language PackMicrosoft Corporation20.05.201110,6MB4.0.30319
Microsoft Office 2010Microsoft Corporation20.05.20116,31MB14.0.4763.1000
Microsoft Office Klick-und-Los 2010Microsoft Corporation05.10.2011 14.0.4763.1000
Microsoft Office Starter 2010 - DeutschMicrosoft Corporation05.10.2011 14.0.4763.1000
Microsoft Security EssentialsMicrosoft Corporation03.07.2012 4.0.1526.0
Microsoft SilverlightMicrosoft Corporation04.06.2012100MB4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft Corporation20.05.20111,69MB3.1.0000
Microsoft Visual C++ 2005 RedistributableMicrosoft Corporation09.12.2011300KB8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)Microsoft Corporation08.12.2011610KB8.0.61000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Corporation06.10.2011600KB9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Corporation05.06.201212,3MB10.0.40219
Mobile Connection ManagerMobile Connection Manager10.10.2011  
MSXML 4.0 SP3 ParserMicrosoft Corporation20.05.20111,47MB4.30.2100.0
MSXML 4.0 SP3 Parser (KB973685)Microsoft Corporation04.10.20111,53MB4.30.2107.0
Nuance PaperPort 12Nuance Communications, Inc.08.12.2011203MB12.1.0000
Nuance PDF Viewer PlusNuance Communications, Inc08.12.201138,0MB5.30.3290
NVIDIA 3D Vision Treiber 267.21NVIDIA Corporation20.05.2011 267.21
NVIDIA Grafiktreiber 267.21NVIDIA Corporation20.05.2011 267.21
NVIDIA HD-Audiotreiber 1.2.19.0NVIDIA Corporation20.05.2011 1.2.19.0
NVIDIA PhysX-Systemsoftware 9.10.0514NVIDIA Corporation20.05.2011 9.10.0514
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojeníMicrosoft Corporation20.05.20115,37MB15.4.5722.2
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojeniaMicrosoft Corporation20.05.20115,37MB15.4.5722.2
PaperPort Image Printer 64-bitNuance Communications, Inc.08.12.2011558KB1.00.0001
PMBSony Corporation20.05.2011282MB5.5.02.12220
Protect Disc License Helper 1.0.125 (IE)Protect Disc05.10.2011 1.0.125
ProtectDisc Driver, Version 11ProtectDisc Software GmbH05.10.2011 11.0.0.14
Realtek PCIE Card ReaderRealtek Semiconductor Corp.20.05.2011 6.1.7600.77
Skype™ 5.1Skype Technologies S.A.20.05.201122,5MB5.1.104
Uzak Bağlantılar İçin Windows Live Mesh ActiveX DenetimiMicrosoft Corporation20.05.20115,37MB15.4.5722.2
VAIO - Media GallerySony Corporation20.05.2011 1.5.0.16020
VAIO - PMB VAIO Edition GuideSony Corporation20.05.201172,3MB1.5.00.02250
VAIO - PMB VAIO Edition Plug-inSony Corporation20.05.2011193MB1.5.00.04060
VAIO - Remote Play mit PlayStation®3Sony Corporation20.05.2011 1.1.0.15070
VAIO - Remote-TastaturSony Corporation20.05.2011 1.0.1.03020
VAIO CareSony Corporation20.05.2011 6.4.0.15030
VAIO Control CenterSony Corporation20.05.2011 4.5.0.03040
VAIO Data Restore ToolSony Corporation20.05.2011 1.6.0.13140
VAIO Easy ConnectSony Corporation20.05.2011 1.0.0.03050
VAIO Event ServiceSony Corporation20.05.2011 5.5.0.03040
VAIO GateSony Corporation20.05.2011 2.3.0.11090
VAIO Gate DefaultSony Corporation20.05.2011 2.4.0.03240
VAIO Hero Screensaver - Summer 2011 Screensaver 26.07.2011  
VAIO ImprovementSony Corporation20.05.2011 1.0.0.14150
VAIO Improvement ValidationSony Corporation20.05.2011496KB1.0.4.01190
VAIO Quick Web AccessSony Corporation20.05.2011334MB1.4.5.3
VAIO Sample ContentsSony Corporation20.05.2011 1.4.2.09010
VAIO Smart NetworkSony Corporation20.05.2011 3.5.0.02280
VAIO UpdateSony Corporation20.05.2011 5.4.0.15300
VAIO-HandbuchSony Corporation20.05.2011 2.0.0.02250
VAIO-Support für ÜbertragungenSony Corporation20.05.2011 1.4.0.14230
Windows Live EssentialsMicrosoft Corporation20.05.2011 15.4.3508.1109
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingenMicrosoft Corporation20.05.20115,37MB15.4.5722.2
Windows Live Mesh ActiveX control for remote connectionsMicrosoft Corporation20.05.20115,38MB15.4.5722.2
Windows Live Mesh ActiveX Control for Remote ConnectionsMicrosoft Corporation20.05.20115,37MB15.4.5722.2
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblingerMicrosoft Corporation20.05.20115,37MB15.4.5722.2
Windows Live Mesh ActiveX-objekt til fjernforbindelserMicrosoft Corporation20.05.20115,37MB15.4.5722.2
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhozMicrosoft Corporation20.05.20115,38MB15.4.5722.2
Windows Live Meshin etäyhteyksien ActiveX-komponenttiMicrosoft Corporation20.05.20115,37MB15.4.5722.2
ZTE USB DriverZTE Corporation10.10.2011 1.0.1.25_TME
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσειςMicrosoft Corporation20.05.20115,38MB15.4.5722.2
Елемент керування Windows Live Mesh ActiveX для віддалених підключеньMicrosoft Corporation20.05.20115,38MB15.4.5722.2
Элемент управления Windows Live Mesh ActiveX для удаленных подключенийMicrosoft Corporation20.05.20115,37MB15.4.5722.2



Danke nochmal für die Schnelle und Gute Hilfe!!!

Alt 10.07.2012, 14:35   #8
markusg
/// Malware-holic
 
GVU Trojaner? - Standard

GVU Trojaner?



die beschriftungen fehlen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu GVU Trojaner?
abgesicherte, abgesicherten, abgesicherten modus, anti-malware, eingefangen, gefangen, gen, gescannt, gesetzt, glaube, innerhalb, kinderpornos, laptop, malwarebytes, malwarebytes anti-malware, modus, runtergeladen, stunde, stunden, troja, trojaner, trojaner?, verstößt, virus, zahlen



Zum Thema GVU Trojaner? - Hallo, ich glaube ich habe diesen GVU Trojaner eingefangen!! Da steht das ich irgendwelchen Kinderpornos geguckt haben soll und das gegen gesetzt xy verstößt und ich 100€ per paysafecard zahlen - GVU Trojaner?...
Archiv
Du betrachtest: GVU Trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.