Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner neue Version? anderes Bild

GVU Trojaner neue Version? anderes Bild


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner neue Version? anderes Bild

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 27.01.2013, 13:35   #1
Tarikron
 
GVU Trojaner neue Version? anderes Bild - Standard

GVU Trojaner neue Version? anderes Bild


Hallo liebe Helfer,

vom Trojaner erwischt.

war gerade im Netz unterwegs als plötzlich ein ziemlich offiziell aussehendes Fenster aufpoppte mit der Meldung "Rechner gesperrt."

kam dann über mein Tablet auf euer Forum.
Was habe ich versucht
- Taskmanager blockiert
- neustart ohne erfolg
- abgesicherter modus geht habe auch schon gescannt mit olt.

wäre über die ersten schritte dankbar.
mein arbeitsmittel sind:
- tablett
- mac ohne brenner
- usb stick,

mein pc ist auf alle fälle vom usb stick bootbar, weis aber nicht wie ich einen bootfähigen usb stick erstelle

Pc win 7 ultimate
bin über hilfe dankbar.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.01.2013 13:55:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxxxxxxx\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 87,49% Memory free
16,00 Gb Paging File | 14,99 Gb Available in Paging File | 93,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 573,74 Gb Free Space | 61,60% Space Free | Partition Type: NTFS
 
Computer Name: AYLA | User Name: xxxxxxxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxxxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BT) -- C:\Windows\SysNative\drivers\btnetdrv.sys (IVT Corporation.)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\drivers\btnetBus.sys ()
DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\drivers\IvtBtBus.sys (IVT Corporation.)
DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\drivers\BtHidBus.sys (IVT Corporation.)
DRV:64bit: - (BTCOMBUS) -- C:\Windows\SysNative\drivers\btcombus.sys (IVT Corporation.)
DRV:64bit: - (BTCOM) -- C:\Windows\SysNative\drivers\btcomport.sys (IVT Corporation.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (VF0270Dev) -- C:\Windows\SysNative\drivers\V0270Dev.sys (Creative Technology Ltd.)
DRV:64bit: - (SaiH0109) -- C:\Windows\SysNative\drivers\SaiH0109.sys (Saitek)
DRV:64bit: - (SaiU0109) -- C:\Windows\SysNative\drivers\SaiU0109.sys (Saitek)
DRV:64bit: - (VF0270Vfx) -- C:\Windows\SysNative\drivers\V0270Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 06 4C E1 74 FC CD 01  [binary data]
IE - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\xxxxxxxx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.04 01:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 09:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.16 18:24:35 | 000,000,000 | ---D | M]
 
[2011.11.28 22:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Extensions
[2013.01.11 08:51:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\bs41gjm7.default\extensions
[2012.11.15 19:47:24 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\bs41gjm7.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.06.01 18:04:20 | 000,138,110 | ---- | M] () (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\bs41gjm7.default\extensions\betterfacebook@mattkruse.com.xpi
[2012.11.03 09:57:42 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\bs41gjm7.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.01.11 08:51:15 | 000,347,812 | ---- | M] () (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\bs41gjm7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.12 12:15:29 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\bs41gjm7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.05 19:16:44 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\bs41gjm7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.11.23 13:16:29 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\bs41gjm7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.11 09:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.11 09:37:31 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.20 06:17:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:53:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 06:17:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 06:17:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 06:17:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 06:17:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\xxxxxxxx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: Google Docs = C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [3180 Scan2PC] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLX3180_Scan2Pc] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [V0270Mon.exe] C:\Windows\V0270Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001..\Run: [Akamai NetSession Interface] C:\Users\xxxxxxxx\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxxxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3223407131-3332895561-2573231389-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\xxxxxxxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\xxxxxxxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7132C16D-8E33-4643-A32C-30452E43E06C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{081c25f1-554b-11e1-af88-e06995ea6cf5}\Shell - "" = AutoRun
O33 - MountPoints2\{081c25f1-554b-11e1-af88-e06995ea6cf5}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{b234beaf-6a15-11e1-b544-e06995ea6cf5}\Shell - "" = AutoRun
O33 - MountPoints2\{b234beaf-6a15-11e1-b544-e06995ea6cf5}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.25 09:45:08 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\Documents\00 JavaSchulungen
[2013.01.24 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\Apple Computer
[2013.01.24 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\Apple Computer
[2013.01.24 23:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Unity
[2013.01.22 09:19:15 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\Star Prospector
[2013.01.22 09:17:35 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Prospector
[2013.01.21 18:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2013.01.21 17:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Space Hack
[2013.01.19 04:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DreamCatcher
[2013.01.19 02:48:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2013.01.19 02:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2013.01.19 02:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2013.01.18 08:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.18 08:20:06 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\Google
[2013.01.18 08:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.18 08:19:52 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\Apps
[2013.01.18 08:19:51 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\Deployment
[2013.01.16 18:23:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.16 18:23:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.16 18:23:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.11 09:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.09 20:26:47 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 20:26:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 20:26:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 20:26:16 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.02 02:23:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.01.02 02:23:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.01.02 02:23:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.01.02 02:23:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.01.02 02:23:49 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.01.02 02:23:49 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.01.02 02:23:49 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.01.02 02:23:49 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.01.02 02:23:49 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.01.02 02:23:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.01.02 02:23:49 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.01.02 02:23:49 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.01.02 02:23:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.01.02 02:23:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.01.02 02:23:49 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.01.02 02:23:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.01.02 02:23:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.01.02 02:23:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.01.02 02:23:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.01.02 02:23:49 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.01.02 02:23:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.01.02 02:23:48 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.01.02 02:23:48 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.01.02 02:23:48 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.01.02 02:23:18 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.01.02 02:23:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.01.02 02:23:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.01.02 02:23:18 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.01.02 02:22:04 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.01.02 02:22:02 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.01.02 02:22:02 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.01.02 02:22:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.01.02 02:21:57 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.01.02 02:21:53 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.01.02 02:21:53 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.01.02 02:21:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.01.02 02:21:53 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.01.02 02:21:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.01.02 02:21:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.01.02 02:21:29 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.12.29 01:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZU-ONLINE
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.27 13:54:53 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.27 13:54:53 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.27 13:54:53 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.27 13:54:53 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.27 13:54:53 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.27 13:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.27 13:50:25 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.27 13:31:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\bm3d4eE.pad
[2013.01.27 13:30:28 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.27 13:30:24 | 000,001,171 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013.01.27 12:25:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.27 11:56:26 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 11:56:26 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 11:45:43 | 000,003,274 | ---- | M] () -- C:\ProgramData\bm3d4eE.js
[2013.01.27 11:45:43 | 000,000,153 | ---- | M] () -- C:\ProgramData\bm3d4eE.reg
[2013.01.27 11:45:43 | 000,000,082 | ---- | M] () -- C:\ProgramData\bm3d4eE.bat
[2013.01.27 11:45:42 | 000,001,081 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.27 11:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.25 10:25:45 | 000,013,013 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\Bewerbun gsübersicht.ods
[2013.01.17 00:56:35 | 001,713,752 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\1.jpeg
[2013.01.17 00:56:35 | 001,485,444 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\11.jpeg
[2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.10 13:25:32 | 000,299,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 07:36:06 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 16:44:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 16:44:44 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.27 11:45:43 | 000,003,274 | ---- | C] () -- C:\ProgramData\bm3d4eE.js
[2013.01.27 11:45:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\bm3d4eE.reg
[2013.01.27 11:45:43 | 000,000,082 | ---- | C] () -- C:\ProgramData\bm3d4eE.bat
[2013.01.27 11:45:42 | 000,001,081 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.27 11:45:41 | 095,023,320 | ---- | C] () -- C:\ProgramData\bm3d4eE.pad
[2013.01.24 17:37:32 | 000,013,013 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\Bewerbun gsübersicht.ods
[2013.01.18 08:20:09 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.18 08:20:08 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.17 00:56:33 | 001,485,444 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\11.jpeg
[2013.01.17 00:56:31 | 001,713,752 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\1.jpeg
[2013.01.02 02:23:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.17 14:11:05 | 000,008,192 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.08.18 12:35:11 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.04.18 21:10:13 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.07 15:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012.01.07 15:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012.01.07 15:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012.01.07 15:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012.01.07 15:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012.01.07 15:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2012.01.07 13:55:11 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.01.07 13:55:11 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.07 13:55:07 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.01.07 13:55:07 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.01.02 08:08:34 | 000,006,495 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012.01.02 08:08:33 | 000,000,096 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012.01.01 15:06:52 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2012.01.01 13:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2011.12.28 23:36:53 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.19 07:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.12.19 07:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.12.10 10:31:48 | 000,002,785 | ---- | C] () -- C:\Users\xxxxxxxx\.recently-used.xbel
[2011.12.07 23:39:23 | 000,000,000 | ---- | C] () -- C:\Windows\TOONO.INI
[2011.11.30 19:49:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.30 07:29:27 | 000,007,605 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.17 13:59:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\ACD Systems
[2012.05.21 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Aeria Games & Entertainment
[2012.06.28 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Awesomium
[2012.02.04 01:14:35 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Babylon
[2012.02.13 00:49:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\BoneCraft
[2012.02.12 19:29:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\DAEMON Tools Lite
[2013.01.27 13:31:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Dropbox
[2012.11.03 09:58:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\DVDVideoSoft
[2012.11.02 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.30 19:12:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Easeware
[2012.07.12 00:19:48 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Evaer
[2011.11.28 22:54:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\FlashGet
[2012.08.18 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\GHISLER
[2011.12.07 23:45:15 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\gtk-2.0
[2011.12.10 10:34:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\IrfanView
[2012.01.24 21:14:30 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Leadertech
[2011.11.30 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\LolClient
[2012.01.26 21:03:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\MAGIX
[2013.01.16 23:58:10 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\NetSpeedMonitor
[2011.12.28 22:46:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\OpenOffice.org
[2012.08.13 07:41:44 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Orbit
[2012.04.11 21:29:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\ProgSense
[2012.11.17 16:19:57 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\RenPy
[2012.10.17 19:46:48 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Samsung
[2013.01.24 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\TS3Client
[2012.05.07 18:37:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\ts3overlay
[2012.11.18 22:34:23 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\ts3overlay_hook_win64
[2012.03.04 08:38:49 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\TuneUp Software
[2011.12.02 01:54:03 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\Unity
[2012.10.17 13:48:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
Geändert von Tarikron (27.01.2013 um 14:14 Uhr)

 

Themen zu GVU Trojaner neue Version? anderes Bild
adware.hotbar.rb, bootfähige, exploit.java.blacole.f, exploit.java.cve, exploit.java.cve-2012-0507.z, exploit.pdf-js.gw, gen:adware.heur.qu0@ribiphdi, gen:heur.pif.4, java.exploit.cve-2011-3544.f, js:trojan.js.agent.go, launch, neue version, nvidia update, packer.modifiedupx, plug-in, pup.netcat, tablet, trojan.dropper, trojan.generic.7731122, trojan.generic.7918766, trojan.java.exploit.i, trojan.java.exploit.n, trojan.java.exploit.s, trojan.js.agent.euw, trojan.ransom, trojan.ransom.sugen, trojan.script.480412, trojan.win32.dropper, unterwegs, usb stick


« mystart incredibar virus | Malewarebytes Anti-Malware und viele PUP.LoadTubes »


Ähnliche Themen: GVU Trojaner neue Version? anderes Bild


  1. Ist das ein Virus oder etwas anderes? Mit Bild.
    Plagegeister aller Art und deren Bekämpfung - 03.05.2015 (11)
  2. YouTube Videos ohne Bild angezeigt! Neuste Version von Flash schon installiert-GoogleChrome
    Plagegeister aller Art und deren Bekämpfung - 26.02.2014 (3)
  3. Neue Version BKA- Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (5)
  4. GVU Trojaner (neue Version)
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (15)
  5. GVU Trojaner neue Version, explorer.exe blockiert
    Log-Analyse und Auswertung - 27.05.2013 (3)
  6. BKA Trojaner-Neue Version? Entschlüsseln der Dateien?
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (7)
  7. BKA Trojaner neue version
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (2)
  8. Neue Version von Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (9)
  9. BKA Trojaner Österreich - ganz neue Version - Win XP
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (9)
  10. Bundespolizei Trojaner (neue Version) auf Win XP Pro
    Log-Analyse und Auswertung - 08.07.2012 (13)
  11. Verschlüsselungs-Trojaner, Neue Version
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (1)
  12. Neue Version Verschlüsslungstrojaner
    Log-Analyse und Auswertung - 10.06.2012 (1)
  13. Windows Verschlüsselungs Trojaner neue Version nur Buchstabensalat
    Log-Analyse und Auswertung - 05.06.2012 (1)
  14. neue version von SmitFraud?
    Plagegeister aller Art und deren Bekämpfung - 01.07.2008 (9)
  15. Neue Hardware Teile -> Kein Bild mehr
    Netzwerk und Hardware - 31.01.2007 (2)
  16. Spybot SD Version 1.4 RC (Neue Version)
    Antiviren-, Firewall- und andere Schutzprogramme - 25.05.2006 (13)
  17. Neue Version von STINGER
    Antiviren-, Firewall- und andere Schutzprogramme - 21.02.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner neue Version? anderes Bild - Hallo liebe Helfer, vom Trojaner erwischt. war gerade im Netz unterwegs als plötzlich ein ziemlich offiziell aussehendes Fenster aufpoppte mit der Meldung "Rechner gesperrt." kam dann über mein Tablet auf - GVU Trojaner neue Version? anderes Bild...
Archiv
Du betrachtest: GVU Trojaner neue Version? anderes Bild auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131