
Pests of all kinds and how to fight them: GVU trojan found; no effects of the trojan yet

20.02.2013, 07:55   #1
ananas1301
 

Hello,
I'm new here too, out of necessity.
So, a letter from Telekom arrived at our home saying that there is a trojan on one of the computers. We have several PCs on the same network. Question: is that bad? Does the virus also spread over the plain WLAN network?

I have the log file from Malware here. I also had Avira run a scan once, but it found nothing.
I am already copying all documents etc. to an external hard drive. It would just be veeery annoying if I had to reinstall Win7, so I hope that with your help I can render the trojan harmless as quickly as possible.


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxx :: xxxx-VAIO [Administrator]

20.02.2013 00:27:01
MBAM-log-2013-02-20 (07-42-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375102
Laufzeit: 1 Stunde(n), 30 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)

20.02.2013, 08:01   #2
Psychotic
/// Malwareteam
 

To enable a more precise analysis, please follow this link:

To everyone seeking help! What do I need to consider before opening a topic?

Note: Post the generated log files here in your topic - do not create a new one!

If antivirus software that is already installed has reported findings: be sure to attach the corresponding log files!

20.02.2013, 23:44   #3
ananas1301
 

Hello,

so: I followed the steps and here are the files. As already written above, I came across the trojan when we received a letter from Telekom saying that there was a trojan on one of our computers. I then scanned mine with Malwarebytes and did NOT let it be removed, as I didn't want to do anything directly on my own initiative (as strongly advocated here in the forum). So the trojan hasn't done anything so far, has it?! What does it do? Can it also spread over the WLAN network, so that I have to scan the others again as well? THANKS for the help!

Defogger said the following:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:04 on 20/02/2013 (Anas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



OTL then saved these two parts:

OTL Logfile:
OTL logfile created on: 20.02.2013 21:06:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,91% Memory free
7,84 Gb Paging File | 6,12 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,66 Gb Total Space | 267,38 Gb Free Space | 58,68% Space Free | Partition Type: NTFS
Drive E: | 620,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1863,01 Gb Total Space | 238,39 Gb Free Space | 12,80% Space Free | Partition Type: NTFS
 
Computer Name: ANAS-VAIO | User Name: Anas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.20 21:04:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anas\Desktop\OTL.exe
PRC - [2013.02.13 03:29:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013.02.13 03:29:22 | 000,536,360 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.02.12 21:30:34 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.28 21:56:07 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Anas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.14 12:29:47 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009.11.30 18:20:00 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2009.11.30 18:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.10.24 02:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.09.14 18:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.09.14 17:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.08.26 18:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 03:31:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.02.13 03:30:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.09 03:29:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 03:29:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 03:28:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 03:28:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 03:28:41 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.09.16 22:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV - [2013.02.19 21:32:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.14 03:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.13 03:29:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.13 03:29:22 | 000,536,360 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.12 22:03:26 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.02.12 21:30:34 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.02.09 23:25:31 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.26 09:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 18:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.11.30 18:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.30 18:20:00 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.11.25 18:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 15:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 15:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 15:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 15:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 15:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.09.21 15:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 15:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.09.14 18:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 18:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 17:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.01 20:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.31 00:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 00:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.12 21:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.02.11 21:59:31 | 000,086,384 | ---- | M] (Hola Networks Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hola_net.sys -- (hola_net)
DRV:64bit: - [2013.01.10 20:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012.08.14 22:49:10 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.01 19:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.06.04 12:42:44 | 000,071,680 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2012.06.04 12:42:44 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.11.18 21:03:16 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 21:03:15 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 21:03:15 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 21:03:13 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 21:02:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.06 21:34:48 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.11.05 07:30:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.04 10:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.10.27 21:06:59 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.09.15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.08.05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3AC7320F-4EBE-4498-85C1-199DA863FCFA}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{604ADECF-574B-444D-9DDA-1B0EC78A8B95}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\..\SearchScopes\{9EE59456-569A-4F16-B0F5-258B7ABE0B7B}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{AD84026C-168D-45F3-8A91-15C3C21D2FE5}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 21:32:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 21:32:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.14 13:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\Extensions
[2013.02.14 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\Firefox\Profiles\exvch0v7.default\extensions
[2013.01.18 15:21:42 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\extensions\toolbar@web.de.xpi
[2012.12.12 08:09:35 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 21:44:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.18 15:21:44 | 000,000,911 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\11-suche.xml
[2013.01.18 15:21:44 | 000,002,273 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\englische-ergebnisse.xml
[2013.01.18 15:21:44 | 000,010,563 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\gmx-suche.xml
[2013.01.18 15:21:44 | 000,002,432 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\lastminute.xml
[2012.08.14 23:09:33 | 000,002,474 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\Web Search.xml
[2013.01.18 15:21:44 | 000,005,545 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\webde-suche.xml
[2013.02.19 21:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.19 21:32:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.19 21:32:25 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2013.02.19 21:32:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 00:03:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\Anas\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Anas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-S8QKV.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46404E14-D2C3-472A-B130-FF70D7B0BC92}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB7F47C-7FC5-4C6F-810A-24219E03CF16}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.13 19:44:47 | 000,000,048 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.05.11 05:00:37 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk J:\
O33 - MountPoints2\{3f5f2cef-e600-11e1-941d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3f5f2cef-e600-11e1-941d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchSetup.exe -- [2005.01.31 17:26:56 | 000,106,496 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.20 21:04:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anas\Desktop\OTL.exe
[2013.02.19 21:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.18 07:28:31 | 000,000,000 | ---D | C] -- C:\Users\Anas\AppData\Roaming\Skype
[2013.02.18 07:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.18 07:28:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.18 07:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.18 07:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.17 18:50:40 | 000,000,000 | ---D | C] -- C:\Users\Anas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LibreCAD
[2013.02.17 18:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreCAD
[2013.02.16 14:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Dot Forever
[2013.02.16 14:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Dot Forever
[2013.02.16 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Anas\AppData\Roaming\Audacity
[2013.02.16 14:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.02.12 21:51:52 | 000,042,184 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013.02.11 21:59:31 | 000,565,488 | ---- | C] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_drv.sys
[2013.02.11 21:59:31 | 000,086,384 | ---- | C] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_net.sys
[2013.02.11 21:59:31 | 000,086,128 | ---- | C] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys
[2013.02.11 21:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hola
[2013.02.11 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Anas\Desktop\Fotos zum sortieren
[2013.02.01 11:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.20 21:04:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anas\Desktop\OTL.exe
[2013.02.20 21:03:43 | 000,000,168 | ---- | M] () -- C:\Users\Anas\defogger_reenable
[2013.02.20 21:02:15 | 000,050,477 | ---- | M] () -- C:\Users\Anas\Desktop\Defogger.exe
[2013.02.20 20:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.20 07:25:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 07:25:22 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 07:25:22 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 07:25:22 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 07:25:22 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.20 00:26:02 | 000,710,504 | ---- | M] () -- C:\Windows\is-S8QKV.exe
[2013.02.20 00:26:02 | 000,013,521 | ---- | M] () -- C:\Windows\is-S8QKV.msg
[2013.02.20 00:26:02 | 000,000,392 | ---- | M] () -- C:\Windows\is-S8QKV.lst
[2013.02.19 21:20:24 | 000,749,283 | ---- | M] () -- C:\Users\Anas\Desktop\Partielle Integration und Integration mit Substitution.pdf
[2013.02.18 15:40:54 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 15:40:54 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 23:02:28 | 000,017,200 | ---- | M] () -- C:\Users\Anas\Desktop\Koffer CAD Untere Plexiglasplatte.dxf
[2013.02.17 19:52:59 | 000,015,920 | ---- | M] () -- C:\Users\Anas\Desktop\Koffer CAD Untere Plexiglasplatte.dxf~
[2013.02.17 18:50:40 | 000,001,033 | ---- | M] () -- C:\Users\Anas\Desktop\LibreCAD.lnk
[2013.02.16 17:38:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.16 17:38:35 | 486,513,392 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.16 17:38:32 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.16 16:14:23 | 000,226,497 | ---- | M] () -- C:\Users\Anas\Desktop\Sicherung Krämer, Kekule und Keller.pdf
[2013.02.16 16:14:18 | 002,348,412 | ---- | M] () -- C:\Users\Anas\Desktop\Ewiges Leben.pdf
[2013.02.16 14:49:27 | 000,000,966 | ---- | M] () -- C:\Users\Anas\Desktop\Red Dot Forever.lnk
[2013.02.13 03:28:08 | 000,475,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.12 21:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013.02.11 21:59:31 | 000,565,488 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_drv.sys
[2013.02.11 21:59:31 | 000,086,384 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_net.sys
[2013.02.11 21:59:31 | 000,086,128 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys
[2013.02.10 00:23:17 | 000,187,215 | R--- | M] () -- C:\Users\Anas\Desktop\All Of Me - Jon Schmidt.pdf
[2013.02.01 11:34:18 | 003,179,048 | ---- | M] () -- C:\Users\Anas\Desktop\HRS_Song_TravelDreams_long.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.20 21:03:43 | 000,000,168 | ---- | C] () -- C:\Users\Anas\defogger_reenable
[2013.02.20 21:02:15 | 000,050,477 | ---- | C] () -- C:\Users\Anas\Desktop\Defogger.exe
[2013.02.20 00:26:02 | 000,710,504 | ---- | C] () -- C:\Windows\is-S8QKV.exe
[2013.02.20 00:26:02 | 000,013,521 | ---- | C] () -- C:\Windows\is-S8QKV.msg
[2013.02.20 00:26:02 | 000,000,392 | ---- | C] () -- C:\Windows\is-S8QKV.lst
[2013.02.19 21:20:23 | 000,749,283 | ---- | C] () -- C:\Users\Anas\Desktop\Partielle Integration und Integration mit Substitution.pdf
[2013.02.17 19:52:59 | 000,015,920 | ---- | C] () -- C:\Users\Anas\Desktop\Koffer CAD Untere Plexiglasplatte.dxf~
[2013.02.17 19:43:29 | 000,017,200 | ---- | C] () -- C:\Users\Anas\Desktop\Koffer CAD Untere Plexiglasplatte.dxf
[2013.02.17 18:50:40 | 000,001,033 | ---- | C] () -- C:\Users\Anas\Desktop\LibreCAD.lnk
[2013.02.16 16:14:23 | 000,226,497 | ---- | C] () -- C:\Users\Anas\Desktop\Sicherung Krämer, Kekule und Keller.pdf
[2013.02.16 16:14:17 | 002,348,412 | ---- | C] () -- C:\Users\Anas\Desktop\Ewiges Leben.pdf
[2013.02.16 14:49:27 | 000,000,966 | ---- | C] () -- C:\Users\Anas\Desktop\Red Dot Forever.lnk
[2013.02.16 14:13:25 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.02.10 00:23:20 | 000,187,215 | R--- | C] () -- C:\Users\Anas\Desktop\All Of Me - Jon Schmidt.pdf
[2013.02.01 11:34:17 | 003,179,048 | ---- | C] () -- C:\Users\Anas\Desktop\HRS_Song_TravelDreams_long.mp3
[2013.01.27 10:11:06 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012.10.12 20:35:52 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.09.05 22:39:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.08.15 02:41:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.08.14 12:30:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2012.08.14 12:17:47 | 000,001,607 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.14 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Arduino
[2013.02.16 15:06:23 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Audacity
[2012.08.14 22:50:47 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\DAEMON Tools Lite
[2013.02.16 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Dropbox
[2012.10.28 18:34:09 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\DVDVideoSoft
[2012.08.14 14:01:54 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.15 22:20:17 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\GoPro
[2013.01.19 12:46:26 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\MakeMusic
[2012.08.26 20:09:36 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\MAXON
[2012.08.14 22:49:09 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\OpenCandy
[2012.08.18 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Publish Providers
[2012.08.19 00:21:39 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Sony
[2012.10.07 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Sony Creative Software Inc
[2013.02.19 23:41:01 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Spotify
[2013.02.16 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Synthesia
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >
         
--- --- ---

The second document was named "Extras":
OTL Logfile:
Code:
OTL Extras logfile created on: 20.02.2013 21:06:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,91% Memory free
7,84 Gb Paging File | 6,12 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,66 Gb Total Space | 267,38 Gb Free Space | 58,68% Space Free | Partition Type: NTFS
Drive E: | 620,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1863,01 Gb Total Space | 238,39 Gb Free Space | 12,80% Space Free | Partition Type: NTFS
 
Computer Name: ANAS-VAIO | User Name: Anas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B3561F-F651-4FAB-A4C3-F833ECEC3B83}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0494401C-AA4C-4944-AFED-11CEE62C57CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F084D36-174F-4E52-8427-CCEEF982483C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{11091E7A-0DF2-4A37-9894-DB3E36695F4A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{12B8ACA9-D0D3-4DC6-892A-F863DAC63107}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{196EB233-94BC-48DE-9923-DD801D51E9D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27B51EF6-70BB-469E-90D7-A91F02827BF7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{32F446DF-DA9E-40AE-8700-6CA8F8D82767}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4200F887-7A27-4BD8-B2DE-2D487332E2A0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4256B78C-754C-4435-88E9-555910B1B1B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{428F3CC5-B1E8-443D-8B06-68F5D601C369}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{554C046B-9A8A-44BE-B5DD-B30A88147546}" = rport=138 | protocol=17 | dir=out | app=system | 
"{625DA547-FF52-420C-8DDD-F0806EF318C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B080C0C-2CB7-42DD-B61C-F3EA4CB1614C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{74012E98-30E5-4A2D-85F2-320E908704D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D4EC2FF-9D92-4C40-84FC-6BFAE24D2822}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D8D4FF5-27F1-43F4-9B34-79FE846AA6FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8DC35227-A4AE-463F-8346-2AC58CF4EB7F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A1575999-14D2-4BE1-B69E-9375F04DE131}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A461F19D-8AE4-4FA6-8CB1-EC0CE8CF65BC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A60D1903-2DB2-4CB8-BBF8-50BC3D0709CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{AE2B557F-F43F-48AC-AC83-6DB8F43E255F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0862210-4316-4289-AA8C-0135D94FE8D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BE7BF654-8C6E-4E91-BF12-FE005BBF33D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D5721666-E562-4BCB-8393-797613992F3A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E60D0919-4173-4BDC-9B7E-47C43713BB18}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B74114-1378-4B24-897A-045EB6447C28}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0B056D92-3D35-467F-AA0D-2FE879567167}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11B6810C-FCBD-4AF6-A0F9-3851E55F25C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{159C434A-5F6A-472B-B9AA-AD51D21FF707}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1772D8C1-9552-47E4-A92D-291D030DCF98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2769B337-C4EE-46EF-AF1C-5E086E4A50C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{3B6E4EBD-4F92-4931-B0C5-B6D6CD94D6AE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3DA11CC7-FB38-419D-9C4E-F54F9A6D7F77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{436F9226-43C6-4D1D-97D2-F40FD9798976}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{50E23006-4869-4F61-8A73-D80B5910B397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{57152EA0-5B07-4032-8C06-DA6F9EFB498A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{603D4700-2505-4B4E-95AE-F4BCA04118F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{63CD7612-C751-4824-A0CB-D3857DA2DE7D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{76CD3645-D487-4CA9-BA02-85E3592EC497}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{777FDB8E-5D65-4806-8D78-A24B30DFF037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85261C57-FE68-41F6-90EA-2E63E27BA766}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8757E314-B271-485B-8B42-57909EF7020D}" = protocol=6 | dir=in | app=c:\users\anas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{89A55E8A-CC47-48AA-B5F6-6028EE50369F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{970582C7-217F-460A-99B7-420618A19818}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{998CFC35-588F-41EF-9247-219A997B0BD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A2F31FBE-6F55-42C1-A964-31A454063594}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A6E0485E-B4DD-43F7-B581-8957140A60EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AA0F95F4-A971-4D82-BB0A-0EB61365994D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{ABA6B33F-E49B-4CD0-9946-860E2966FF17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AC0B2DCC-EA04-42FB-AA4E-6FB2EA79D40C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{ACF8BBD0-67CF-48C4-BF55-D6BE89D97102}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B5F0B6C5-6EC2-4622-9D0C-EB94DB9ECF80}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{BF7B2BA6-1F12-4FC1-96C4-C5368B1B4053}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C1A7FDBB-B4BC-4760-921B-B4FAE21FC143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C46FC089-ABA6-41B0-972E-AA5A36DE54E3}" = protocol=6 | dir=in | app=e:\easy_search.exe | 
"{C638052A-7D0E-4392-89D0-9C9EE1A72DEB}" = protocol=6 | dir=out | app=system | 
"{CEFB4C0D-54A1-4960-8F9D-C1D79A145A33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0A28067-6420-484C-B22F-420355612A9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{D80EB072-7CF7-4952-98AE-D22646BAE41D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DA214E7A-2D53-4002-AD8D-9B9D22FB637B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DB20E779-03C8-43DB-9FD7-A0524171A450}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E7F2E4E1-3704-4205-ACB6-37F9FD3E752E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F572A1CD-6A4E-4CB9-B200-B99E7B3AE9FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{F9C44456-6BE4-47D1-8066-512556FF6158}" = protocol=17 | dir=in | app=c:\users\anas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FCEBDA82-51DA-47CB-A651-195D1820DB7B}" = protocol=17 | dir=in | app=e:\easy_search.exe | 
"TCP Query User{2122D602-BAA8-4DE2-BD3C-52C7DC8418D0}C:\users\anas\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\anas\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{42A93F32-747C-42AB-99CF-D378DF3A7A1C}C:\users\anas\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\anas\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{BD153E64-44BB-40ED-9304-EFC25B2D83F9}E:\clicknconnect.exe" = protocol=6 | dir=in | app=e:\clicknconnect.exe | 
"TCP Query User{CD8C102A-83F5-4249-B893-D35FE4D2A099}E:\easy_search.exe" = protocol=6 | dir=in | app=e:\easy_search.exe | 
"TCP Query User{D209213D-4B65-4D92-B274-930957D677B4}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{167EB2E8-FDEE-46E0-B4AD-19DF24E0B803}C:\users\anas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\anas\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3505D1C8-6B77-4E76-9A45-8CB61FF8D238}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{5F3C6E91-C788-4DC5-ABBE-367610C18247}C:\users\anas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\anas\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{63D47779-3A36-4A10-9FAC-44A5F6D3035D}E:\clicknconnect.exe" = protocol=17 | dir=in | app=e:\clicknconnect.exe | 
"UDP Query User{8E74D9EC-F9FC-448E-856F-285324B7CDFB}E:\easy_search.exe" = protocol=17 | dir=in | app=e:\easy_search.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{27225900-26A4-11E1-9C98-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436A5F3E-8944-4128-8E1A-B09CB1D3AAB4}" = eMedia Starter Keyboard Lessons
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75ED9EBF-EB3E-4896-BB94-DB2830BCF099}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FA63AA5-7138-4B6F-8404-F18835E2B8F4}" = Media Gallery
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Finale NotePad 2012" = Finale NotePad 2012
"Free Studio_is1" = Free Studio version 5.6.3.706
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.0
"HotspotShield" = Hotspot Shield 2.87
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = VAIO Marketing Tools
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Red Dot Forever_is1" = Red Dot Forever 1.04
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Synthesia" = Synthesia (remove only)
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2013 05:45:00 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
Error - 04.01.2013 05:45:00 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
Error - 04.01.2013 05:45:01 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
Error - 04.01.2013 05:45:01 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
Error - 04.01.2013 05:45:01 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
Error - 04.01.2013 05:45:01 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
Error - 04.01.2013 05:45:02 | Computer Name = Anas-VAIO | Source = hshld | ID = 10106
Description = 
 
Error - 04.01.2013 05:45:16 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
Error - 04.01.2013 05:45:17 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
Error - 04.01.2013 05:45:17 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103
Description = 
 
[ System Events ]
Error - 15.02.2013 15:22:36 | Computer Name = ANAS-VAIO | Source = BugCheck | ID = 1001
Description = 
 
Error - 15.02.2013 15:22:47 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 15.02.2013 15:23:14 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hola_net
 
Error - 15.02.2013 15:42:51 | Computer Name = Anas-VAIO | Source = BROWSER | ID = 8032
Description = 
 
Error - 15.02.2013 16:39:59 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 15.02.2013 16:39:59 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 16.02.2013 12:38:47 | Computer Name = Anas-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?02.?2013 um 16:36:49 unerwartet heruntergefahren.
 
Error - 16.02.2013 12:38:47 | Computer Name = ANAS-VAIO | Source = BugCheck | ID = 1001
Description = 
 
Error - 16.02.2013 12:39:02 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 16.02.2013 12:39:24 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hola_net
 
 
< End of report >
         
--- --- ---



Finally, the GMER file:

GMER Logfile:
Code:
ATTFilter
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-20 23:33:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\Anas\AppData\Local\Temp\kxliypoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000075a61465 2 bytes [A6, 75]
.text   C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                       0000000075a614bb 2 bytes [A6, 75]
.text   ...                                                                                                                                                                                      * 2
.text   C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075a61465 2 bytes [A6, 75]
.text   C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 0000000075a614bb 2 bytes [A6, 75]
.text   ...                                                                                                                                                                                      * 2
.text   C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000075a61465 2 bytes [A6, 75]
.text   C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000075a614bb 2 bytes [A6, 75]
.text   ...                                                                                                                                                                                      * 2
.text   C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000075a61465 2 bytes [A6, 75]
.text   C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000075a614bb 2 bytes [A6, 75]
.text   ...                                                                                                                                                                                      * 2
.text   C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000075a61465 2 bytes [A6, 75]
.text   C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000075a614bb 2 bytes [A6, 75]
.text   ...                                                                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\ntdll.dll [1668:1672]                                                                                                                                                0000000000a9ce26
Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3500]                                                                                                                                                000000001000e2eb
Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3584]                                                                                                                                                00000000017b66e0
Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3588]                                                                                                                                                00000000017b66e0
Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3592]                                                                                                                                                00000000017b66e0
Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3596]                                                                                                                                                00000000017b2560
Thread   [1244:2056]                                                                                                                                                                             0000000075022ffc
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5204:5776]                                                                                                                           000007fefc282a7c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d49816                                                                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ea4886                                                                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ea4886@90cf159e1067                                                                                                 0x48 0x42 0x6F 0xA3 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d49816 (not active ControlSet)                                                                                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ea4886 (not active ControlSet)                                                                                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ea4886@90cf159e1067                                                                                                     0x48 0x42 0x6F 0xA3 ...
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Anas\Desktop\Christal\xb4s Twixtor OFX Sony Vegas\Twixtor5.11OFXInstall.exe  1

---- EOF - GMER 2.1 ----
         
--- --- ---
__________________

Alt 21.02.2013, 08:59   #4
Psychotic
/// Malwareteam
 



Virustotal




Please have the file from the code box checked at VirusTotal.
  • Click Browse
  • Now copy the following into the search bar.
    Code:
    C:\Windows\is-S8QKV.exe
             
  • and click Open.
  • Click Send File.
Please wait until the file has been uploaded completely. If you get the following message:
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse. Wait until Current status: reads Finished. Copy the link from your address bar and post it here.
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

Alt 21.02.2013, 20:23   #5
ananas1301
 



Hello,

THANKS again for the help:

Here is the link to the VirusTotal report:

https://www.virustotal.com/de/file/d0b9d679c4713fb100205f861cc8c32f54f0f7133093c9f1d244bf71b1ce3379/analysis/1361474381/


Alt 22.02.2013, 06:25   #6
Psychotic
/// Malwareteam
 



Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 22.02.2013, 18:06   #7
ananas1301
 



Hello,
is the trojan gone now and is my PC "clean"?
Here is the log from Combofix
Combofix Logfile:
Code:
ComboFix 13-02-22.01 - Anas 22.02.2013  17:35:17.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4014.1206 [GMT 1:00]
ausgeführt von:: c:\users\Anas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-22 bis 2013-02-22  ))))))))))))))))))))))))))))))
.
.
2013-02-22 16:40 . 2013-02-22 16:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-19 23:26 . 2013-02-19 23:26	710504	----a-w-	c:\windows\is-S8QKV.exe
2013-02-18 06:28 . 2013-02-18 22:17	--------	d-----w-	c:\users\Anas\AppData\Roaming\Skype
2013-02-18 06:28 . 2013-02-18 06:28	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-02-18 06:28 . 2013-02-18 06:28	--------	d-----r-	c:\program files (x86)\Skype
2013-02-18 06:28 . 2013-02-18 06:28	--------	d-----w-	c:\programdata\Skype
2013-02-17 17:50 . 2013-02-17 17:50	--------	d-----w-	c:\program files (x86)\LibreCAD
2013-02-16 13:49 . 2013-02-16 13:49	--------	d-----w-	c:\program files (x86)\Red Dot Forever
2013-02-16 13:13 . 2013-02-16 14:06	--------	d-----w-	c:\users\Anas\AppData\Roaming\Audacity
2013-02-16 13:13 . 2013-02-16 13:13	--------	d-----w-	c:\program files (x86)\Audacity
2013-02-13 02:02 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:02 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 23:17 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-12 23:17 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-12 23:17 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-12 23:16 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-12 23:16 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-12 23:16 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-12 23:16 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-12 23:16 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-12 23:16 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-12 23:16 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-12 23:16 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-12 23:16 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 20:51 . 2013-02-12 20:51	42184	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2013-02-11 20:59 . 2013-02-11 20:59	86384	----a-w-	c:\windows\system32\drivers\hola_net.sys
2013-02-11 20:59 . 2013-02-11 20:59	86128	----a-w-	c:\windows\system32\drivers\hola_mon_drv.sys
2013-02-11 20:59 . 2013-02-11 20:59	565488	----a-w-	c:\windows\system32\drivers\hola_drv.sys
2013-02-11 20:59 . 2013-02-11 21:00	--------	d-----w-	c:\program files\Hola
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 02:06 . 2012-12-24 07:28	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-09 22:25 . 2012-08-14 12:52	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 22:25 . 2012-08-14 12:52	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-12 02:30 . 2013-01-21 05:54	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-10 19:44 . 2013-01-10 19:44	42184	----a-w-	c:\windows\system32\drivers\taphss6.sys
2013-01-04 04:43 . 2013-02-12 23:16	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-24 07:24 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-12-24 07:24 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-12-16 17:11 . 2012-12-21 12:10	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:10	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:10	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:10	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-08-14 13:28	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 01:34	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 01:34	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 01:34	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 01:34	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 01:34	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 01:34	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 01:34	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 01:34	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 01:34	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 01:34	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 01:34	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 01:34	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 01:34	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 01:34	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 01:34	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 01:34	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 01:34	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 01:34	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 01:34	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 01:34	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 01:34	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 01:34	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 01:34	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 01:34	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 01:34	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 01:34	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 01:34	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 01:34	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 01:34	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 01:34	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 01:34	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 01:34	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 01:34	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 01:34	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 01:34	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 01:34	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 01:34	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 01:34	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 01:34	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 01:34	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-02-12 19:39	233288	----a-w-	c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Anas\AppData\Roaming\Spotify\Spotify.exe" [2012-10-28 7880664]
"Spotify Web Helper"="c:\users\Anas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-14 1597864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2012-08-14 26624]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
"InnoSetupRegFile.0000000001"="c:\windows\is-S8QKV.exe" [2013-02-19 710504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 17:20	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
R1 hola_net;Hola Fast Internet Adapter;c:\windows\system32\DRIVERS\hola_net.sys [2013-02-11 86384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2012-06-04 27336]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2012-06-04 71680]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-14 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-02-12 42184]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-02-13 536360]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-02-13 389928]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KXLIYPOC
*Deregistered* - kxliypoc
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 22:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-08-14 171520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=hp&babsrc=lnkry_nt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{46404E14-D2C3-472A-B130-FF70D7B0BC92}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Anas\AppData\Roaming\Mozilla\Firefox\Profiles\exvch0v7.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-22  17:42:51
ComboFix-quarantined-files.txt  2013-02-22 16:42
.
Vor Suchlauf: 13 Verzeichnis(se), 295.002.652.672 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 295.533.133.824 Bytes frei
.
- - End Of File - - 7D8BE04AE90BD69F2A09808DA60E9707
         
Edited by ananas1301 (22.02.2013 at 18:14)

25.02.2013, 06:25   #8
Psychotic
/// Malwareteam

Quote:
uInternet Settings,ProxyServer = http=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
Did you enter these proxy settings?
__________________
No asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


25.02.2013, 06:49   #9
ananas1301

No, where would I have entered them?

25.02.2013, 07:26   #10
Psychotic
/// Malwareteam

Step 1: CF-Script


Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the complete text from the following code box into the empty text document.
Code:
DDS::
uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=hp&babsrc=lnkry_nt
uInternet Settings,ProxyServer = http=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
FIREFOX::
FF - ProfilePath - c:\users\Anas\AppData\Roaming\Mozilla\Firefox\Profiles\exvch0v7.default\
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q=
.
CLEARJAVACACHE::
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.




Step 2: MBAM



  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan is finished, click Show Results.
  • Make sure that all detections are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
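As an added example (not part of the original posts and not ComboFix's own logic): a small Python check over the DDS-style settings lines that the helper placed in the CFScript, flagging a browser proxy bound to loopback and start/search URLs whose host is outside an analyst-chosen allowlist. The function names, the allowlist and the shortened query strings in the sample are assumptions made for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Settings lines as quoted in the post above; query strings shortened for the
# example. "hxxp" is the log's defanged spelling of "http".
SAMPLE = """\
uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&searchtype=hp
uInternet Settings,ProxyServer = http=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&searchtype=ds&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&searchtype=ds&q=
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
"""

# "key = value" (IE section) or "FF - prefs.js: key - value" (Firefox section).
SETTING_RE = re.compile(r"^(?:FF - prefs\.js: )?(?P<key>.+?) (?:=|-) (?P<value>.*)$")
# Settings that decide where the browser sends the user by default.
URL_KEY_RE = re.compile(r"(Start Page|SearchAssistant|keyword\.URL|startup\.homepage)$")


def refang(url):
    """Turn the log's hxxp/hxxps back into a parseable scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def proxy_hosts(value):
    """Hosts from a ProxyServer value such as 'http=127.0.0.1:8555;https=h:p'."""
    hosts = []
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1].strip()
        if endpoint:
            hosts.append(endpoint.rsplit(":", 1)[0])
    return hosts


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def review(log_text, allowed_hosts):
    """Return (setting, reason) pairs that an analyst should ask the user about."""
    findings = []
    for raw in log_text.splitlines():
        match = SETTING_RE.match(raw.strip())
        if not match:
            continue
        key, value = match.group("key"), match.group("value").strip()
        if key.endswith("ProxyServer"):
            # A loopback proxy means a local process sees the browser's HTTP
            # traffic. Whether that process is wanted is exactly what the
            # helper's question "did you enter this?" establishes.
            if any(is_loopback(h) for h in proxy_hosts(value)):
                findings.append((key, "proxy on loopback: " + value))
        elif URL_KEY_RE.search(key):
            host = urlsplit(refang(value)).hostname
            if host and host not in allowed_hosts:
                findings.append((key, "unexpected host: " + host))
    return findings


if __name__ == "__main__":
    # The allowlist is the analyst's choice; this one is only an example.
    for setting, reason in review(SAMPLE, {"www.google.de"}):
        print(f"{setting}: {reason}")
```
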

27.02.2013, 11:40   #11
Psychotic
/// Malwareteam

Missing feedback
This topic has been removed from my subscriptions, so I will not receive any notification about new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is clean.

Everyone else, please click here and create your own thread

27.02.2013, 18:32   #12
ananas1301

COMBOFIX.TXT:

ComboFix log file:
Code:
ComboFix 13-02-13.02 - Anas 27.02.2013  18:07:06.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4014.2176 [GMT 1:00]
ausgeführt von:: c:\users\Anas\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Anas\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-27 bis 2013-02-27  ))))))))))))))))))))))))))))))
.
.
2013-02-27 17:11 . 2013-02-27 17:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-26 23:12 . 2013-02-26 23:12	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1ED3009-1900-4777-AF50-ED573E8BC9BF}\offreg.dll
2013-02-26 11:56 . 2013-02-19 02:57	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1ED3009-1900-4777-AF50-ED573E8BC9BF}\mpengine.dll
2013-02-25 15:53 . 2013-02-25 15:53	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-23 10:45 . 2013-01-17 00:28	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-02-19 23:26 . 2013-02-19 23:26	710504	----a-w-	c:\windows\is-S8QKV.exe
2013-02-18 06:28 . 2013-02-18 22:17	--------	d-----w-	c:\users\Anas\AppData\Roaming\Skype
2013-02-18 06:28 . 2013-02-18 06:28	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-02-18 06:28 . 2013-02-18 06:28	--------	d-----r-	c:\program files (x86)\Skype
2013-02-18 06:28 . 2013-02-18 06:28	--------	d-----w-	c:\programdata\Skype
2013-02-17 17:50 . 2013-02-17 17:50	--------	d-----w-	c:\program files (x86)\LibreCAD
2013-02-16 13:49 . 2013-02-16 13:49	--------	d-----w-	c:\program files (x86)\Red Dot Forever
2013-02-16 13:13 . 2013-02-16 14:06	--------	d-----w-	c:\users\Anas\AppData\Roaming\Audacity
2013-02-16 13:13 . 2013-02-16 13:13	--------	d-----w-	c:\program files (x86)\Audacity
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 02:02 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:02 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 23:17 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-12 23:17 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-12 23:17 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-12 23:16 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-12 23:16 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-12 23:16 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-12 23:16 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-12 23:16 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-12 23:16 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-12 23:16 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-12 23:16 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-12 23:16 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 20:51 . 2013-02-12 20:51	42184	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2013-02-11 20:59 . 2013-02-11 20:59	86384	----a-w-	c:\windows\system32\drivers\hola_net.sys
2013-02-11 20:59 . 2013-02-11 20:59	86128	----a-w-	c:\windows\system32\drivers\hola_mon_drv.sys
2013-02-11 20:59 . 2013-02-11 20:59	565488	----a-w-	c:\windows\system32\drivers\hola_drv.sys
2013-02-11 20:59 . 2013-02-11 21:00	--------	d-----w-	c:\program files\Hola
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 23:25 . 2012-08-14 12:52	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 23:25 . 2012-08-14 12:52	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-25 15:53 . 2012-08-14 12:17	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-02-25 15:53 . 2012-08-14 12:17	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-13 02:06 . 2012-12-24 07:28	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-10 19:44 . 2013-01-10 19:44	42184	----a-w-	c:\windows\system32\drivers\taphss6.sys
2013-01-04 04:43 . 2013-02-12 23:16	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-24 07:24 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-12-24 07:24 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-12-16 17:11 . 2012-12-21 12:10	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:10	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:10	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:10	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-08-14 13:28	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 01:34	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 01:34	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 01:34	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 01:34	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 01:34	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 01:34	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 01:34	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 01:34	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 01:34	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 01:34	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 01:34	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 01:34	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 01:34	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 01:34	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 01:34	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 01:34	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 01:34	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 01:34	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 01:34	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 01:34	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 01:34	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 01:34	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 01:34	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 01:34	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 01:34	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 01:34	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 01:34	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 01:34	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 01:34	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 01:34	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 01:34	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 01:34	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 01:34	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 01:34	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 01:34	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 01:34	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 01:34	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 01:34	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 01:34	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 01:34	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 01:34	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-02-12 19:39	233288	----a-w-	c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Anas\AppData\Roaming\Spotify\Spotify.exe" [2012-10-28 7880664]
"Spotify Web Helper"="c:\users\Anas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-14 1597864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2012-08-14 26624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2012-07-03 232368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
"InnoSetupRegFile.0000000001"="c:\windows\is-S8QKV.exe" [2013-02-19 710504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 17:20	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
R1 hola_net;Hola Fast Internet Adapter;c:\windows\system32\DRIVERS\hola_net.sys [2013-02-11 86384]
R2 AviraUpgradeService;Avira Upgrade Service;c:\windows\TEMP\AVSETUP_51289767\avupgsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2012-06-04 27336]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2012-06-04 71680]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-14 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-02-12 42184]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-02-13 536360]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-02-13 389928]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KXLIYPOC
*Deregistered* - kxliypoc
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 23:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-08-14 171520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{46404E14-D2C3-472A-B130-FF70D7B0BC92}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Anas\AppData\Roaming\Mozilla\Firefox\Profiles\exvch0v7.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-AVSetupPending - c:\windows\TEMP\AVSETUP_51289767\SetupPending.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-27  18:13:13
ComboFix-quarantined-files.txt  2013-02-27 17:13
ComboFix2.txt  2013-02-22 16:42
.
Vor Suchlauf: 15 Verzeichnis(se), 295.133.982.720 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 295.234.732.032 Bytes frei
.
- - End Of File - - C7F0976B5E817F7198F4B526B0EE0FA0
         

MBAM told me:

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anas :: ANAS-VAIO [Administrator]

27.02.2013 18:23:28
mbam-log-2013-02-27 (18-23-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211359
Laufzeit: 2 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

28.02.2013, 16:52   #13
Psychotic
/// Malwareteam

Looks pretty good - let's check everything once more!


Step 1: Full MBAM scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".


Step 2: ESET


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on working days!
Requests via PM will be ignored!


01.03.2013, 19:52   #14
ananas1301

Hello,

so with MBAM I did all of that again as described:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anas :: ANAS-VAIO [Administrator]

Schutz: Aktiviert

28.02.2013 17:05:54
mbam-log-2013-02-28 (17-05-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381347
Laufzeit: 52 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


But with the ESET Online Scanner there was no button. After I pressed Start ONCE (!), it immediately updated etc. and also started scanning right away. Afterwards, at the end, it only showed me once that it had found nothing. It said something like "No infected files" or similar. But the only button I could press there was "Finish". Maybe they have updated the program?

05.03.2013, 14:09   #15
Psychotic
/// Malwareteam

SecurityCheck

Please download SecurityCheck from one of the following links:
LINK1 LINK2
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
