Trojaner-Board - GVU-Trojaner gefunden; noch keine Folgen des Trojaners

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - GVU-Trojaner gefunden; noch keine Folgen des Trojaners (https://www.trojaner-board.de/131289-gvu-trojaner-gefunden-noch-keine-folgen-trojaners.html)

GVU-Trojaner gefunden; noch keine Folgen des Trojaners

Hallo,
ich bin auch gezwungener Maßen neu hier :D
Also Brief von Telekom kommt bei uns zu Hause an und sagt, dass an einem der Recher ein Trojaner ist. Wir habem mehrere PC´s am gleichen Netzwerk hängen. Frage: ist das schlimm? Verbreitet sich der Virus auch über das einfach WLAN-Netz?

Ich habe hier die LOG-Datei von Malware. Ich habe Avira auch einmal suchen lassen, jedoch hat der nichts gefunden.
Ich kopiere bereits alle Dokumente etc. auf eine externe Festplatte. Wäre nur seeehr nervig, wenn ich Win7 neu aufsetzten müsste, also hoffe ich mit euerer Hilfe, den Trojaner so schnell wie möglich harmlos zu machen.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxx :: xxxx-VAIO [Administrator]

20.02.2013 00:27:01
MBAM-log-2013-02-20 (07-42-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375102
Laufzeit: 1 Stunde(n), 30 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)

Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?

Hinweis: Poste die erstellten Logfiles hier in deinem Thema - erstelle kein neues!

Falls bereits installierte Antivirensoftware Funde gemeldet hat: Füge unbedingt die entsprechenden Logdateien bei!

Hallo,

so: Ich habe die Schritte befolgt und hier sind die Dateien. Wie bereits oben geschrieben. Ich bin auf den Trojaner gestoßen als wir einen Brief von Telekom bekommen haben, der sagte, dass ein Trojaner bei einem unserer Rechner wäre. Habe anschließend meinen mit Malwarebyter gescannt und ihn NICHT entfernen lassen, was ich nichts direkt auf eigene Initiative machen wollte (wie hier im Forum stark proklamiert). Der Trojaner hat bisher also nichts gemacht, oder?! Was tut er? Kann er sich auch über das WLAN Netzwerk verbreiten, sodass ich die anderen auch nochmal scannen muss? DANKE für die Hilfe!

Defogger hat folgendes gesagt:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:04 on 20/02/2013 (Anas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL hat dann diese beiden Teile gespeichert:OTL Logfile:

Code:

OTL logfile created on: 20.02.2013 21:06:09 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anas\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,92 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,91% Memory free

7,84 Gb Paging File | 6,12 Gb Available in Paging File | 78,07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455,66 Gb Total Space | 267,38 Gb Free Space | 58,68% Space Free | Partition Type: NTFS

Drive E: | 620,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive J: | 1863,01 Gb Total Space | 238,39 Gb Free Space | 12,80% Space Free | Partition Type: NTFS

 

Computer Name: ANAS-VAIO | User Name: Anas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.02.20 21:04:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anas\Desktop\OTL.exe

PRC - [2013.02.13 03:29:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

PRC - [2013.02.13 03:29:22 | 000,536,360 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

PRC - [2013.02.12 21:30:34 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.10.28 21:56:07 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Anas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012.08.14 12:29:47 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe

PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PRC - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

PRC - [2009.11.30 18:20:00 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

PRC - [2009.11.30 18:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

PRC - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009.10.24 02:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe

PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [2009.09.14 18:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2009.09.14 17:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

PRC - [2009.08.26 18:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe

PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.02.13 03:31:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll

MOD - [2013.02.13 03:30:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013.01.09 03:29:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013.01.09 03:29:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013.01.09 03:28:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013.01.09 03:28:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013.01.09 03:28:41 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2009.09.16 22:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)

SRV - [2013.02.19 21:32:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.02.14 03:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013.02.13 03:29:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)

SRV - [2013.02.13 03:29:22 | 000,536,360 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)

SRV - [2013.02.12 22:03:26 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)

SRV - [2013.02.12 21:30:34 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)

SRV - [2013.02.09 23:25:31 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.10.26 09:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)

SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.19 18:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)

SRV - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV - [2009.11.30 18:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV - [2009.11.30 18:20:00 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2009.11.25 18:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)

SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009.10.15 15:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)

SRV - [2009.10.15 15:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)

SRV - [2009.10.15 15:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)

SRV - [2009.10.15 15:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)

SRV - [2009.10.15 15:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)

SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)

SRV - [2009.09.21 15:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2009.09.21 15:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2009.09.14 18:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2009.09.14 18:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2009.09.14 17:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2009.09.01 20:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)

SRV - [2009.08.31 00:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2009.08.31 00:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.02.06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013.02.12 21:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)

DRV:64bit: - [2013.02.11 21:59:31 | 000,086,384 | ---- | M] (Hola Networks Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hola_net.sys -- (hola_net)

DRV:64bit: - [2013.01.10 20:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:64bit: - [2012.08.14 22:49:10 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012.08.01 19:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.06.04 12:42:44 | 000,071,680 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)

DRV:64bit: - [2012.06.04 12:42:44 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009.11.18 21:03:16 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009.11.18 21:03:15 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009.11.18 21:03:15 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009.11.18 21:03:13 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2009.11.18 21:02:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009.11.06 21:34:48 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)

DRV:64bit: - [2009.11.05 07:30:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.11.04 10:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009.10.27 21:06:59 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)

DRV:64bit: - [2009.09.15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2009.08.05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2009.07.31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=hp&babsrc=lnkry_nt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{3AC7320F-4EBE-4498-85C1-199DA863FCFA}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363

IE - HKCU\..\SearchScopes\{604ADECF-574B-444D-9DDA-1B0EC78A8B95}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC

IE - HKCU\..\SearchScopes\{9EE59456-569A-4F16-B0F5-258B7ABE0B7B}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}

IE - HKCU\..\SearchScopes\{AD84026C-168D-45F3-8A91-15C3C21D2FE5}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "https://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9

FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33

FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0

FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 21:32:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 21:32:31 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.08.14 13:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\Extensions

[2013.02.14 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\Firefox\Profiles\exvch0v7.default\extensions

[2013.01.18 15:21:42 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\extensions\toolbar@web.de.xpi

[2012.12.12 08:09:35 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2013.02.14 21:44:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.18 15:21:44 | 000,000,911 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\11-suche.xml

[2013.01.18 15:21:44 | 000,002,273 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\englische-ergebnisse.xml

[2013.01.18 15:21:44 | 000,010,563 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\gmx-suche.xml

[2013.01.18 15:21:44 | 000,002,432 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\lastminute.xml

[2012.08.14 23:09:33 | 000,002,474 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\Web Search.xml

[2013.01.18 15:21:44 | 000,005,545 | ---- | M] () -- C:\Users\Anas\AppData\Roaming\mozilla\firefox\profiles\exvch0v7.default\searchplugins\webde-suche.xml

[2013.02.19 21:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.02.19 21:32:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013.02.19 21:32:25 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com

[2013.02.19 21:32:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.30 00:03:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKCU..\Run: [Spotify] C:\Users\Anas\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Anas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-S8QKV.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.11.2)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.11.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46404E14-D2C3-472A-B130-FF70D7B0BC92}: NameServer = 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB7F47C-7FC5-4C6F-810A-24219E03CF16}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.05.13 19:44:47 | 000,000,048 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2011.05.11 05:00:37 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]

O32 - Unable to obtain root file information for disk J:\

O33 - MountPoints2\{3f5f2cef-e600-11e1-941d-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{3f5f2cef-e600-11e1-941d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchSetup.exe -- [2005.01.31 17:26:56 | 000,106,496 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.20 21:04:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anas\Desktop\OTL.exe

[2013.02.19 21:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.02.18 07:28:31 | 000,000,000 | ---D | C] -- C:\Users\Anas\AppData\Roaming\Skype

[2013.02.18 07:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013.02.18 07:28:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2013.02.18 07:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013.02.18 07:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2013.02.17 18:50:40 | 000,000,000 | ---D | C] -- C:\Users\Anas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LibreCAD

[2013.02.17 18:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreCAD

[2013.02.16 14:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Dot Forever

[2013.02.16 14:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Dot Forever

[2013.02.16 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Anas\AppData\Roaming\Audacity

[2013.02.16 14:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2013.02.12 21:51:52 | 000,042,184 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2013.02.11 21:59:31 | 000,565,488 | ---- | C] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_drv.sys

[2013.02.11 21:59:31 | 000,086,384 | ---- | C] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_net.sys

[2013.02.11 21:59:31 | 000,086,128 | ---- | C] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys

[2013.02.11 21:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hola

[2013.02.11 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Anas\Desktop\Fotos zum sortieren

[2013.02.01 11:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.20 21:04:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anas\Desktop\OTL.exe

[2013.02.20 21:03:43 | 000,000,168 | ---- | M] () -- C:\Users\Anas\defogger_reenable

[2013.02.20 21:02:15 | 000,050,477 | ---- | M] () -- C:\Users\Anas\Desktop\Defogger.exe

[2013.02.20 20:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.02.20 07:25:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.02.20 07:25:22 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.02.20 07:25:22 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.02.20 07:25:22 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.02.20 07:25:22 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.02.20 00:26:02 | 000,710,504 | ---- | M] () -- C:\Windows\is-S8QKV.exe

[2013.02.20 00:26:02 | 000,013,521 | ---- | M] () -- C:\Windows\is-S8QKV.msg

[2013.02.20 00:26:02 | 000,000,392 | ---- | M] () -- C:\Windows\is-S8QKV.lst

[2013.02.19 21:20:24 | 000,749,283 | ---- | M] () -- C:\Users\Anas\Desktop\Partielle Integration und Integration mit Substitution.pdf

[2013.02.18 15:40:54 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.18 15:40:54 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.17 23:02:28 | 000,017,200 | ---- | M] () -- C:\Users\Anas\Desktop\Koffer CAD Untere Plexiglasplatte.dxf

[2013.02.17 19:52:59 | 000,015,920 | ---- | M] () -- C:\Users\Anas\Desktop\Koffer CAD Untere Plexiglasplatte.dxf~

[2013.02.17 18:50:40 | 000,001,033 | ---- | M] () -- C:\Users\Anas\Desktop\LibreCAD.lnk

[2013.02.16 17:38:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.16 17:38:35 | 486,513,392 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.02.16 17:38:32 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.16 16:14:23 | 000,226,497 | ---- | M] () -- C:\Users\Anas\Desktop\Sicherung Krämer, Kekule und Keller.pdf

[2013.02.16 16:14:18 | 002,348,412 | ---- | M] () -- C:\Users\Anas\Desktop\Ewiges Leben.pdf

[2013.02.16 14:49:27 | 000,000,966 | ---- | M] () -- C:\Users\Anas\Desktop\Red Dot Forever.lnk

[2013.02.13 03:28:08 | 000,475,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.02.12 21:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2013.02.11 21:59:31 | 000,565,488 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_drv.sys

[2013.02.11 21:59:31 | 000,086,384 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_net.sys

[2013.02.11 21:59:31 | 000,086,128 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys

[2013.02.10 00:23:17 | 000,187,215 | R--- | M] () -- C:\Users\Anas\Desktop\All Of Me - Jon Schmidt.pdf

[2013.02.01 11:34:18 | 003,179,048 | ---- | M] () -- C:\Users\Anas\Desktop\HRS_Song_TravelDreams_long.mp3

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.02.20 21:03:43 | 000,000,168 | ---- | C] () -- C:\Users\Anas\defogger_reenable

[2013.02.20 21:02:15 | 000,050,477 | ---- | C] () -- C:\Users\Anas\Desktop\Defogger.exe

[2013.02.20 00:26:02 | 000,710,504 | ---- | C] () -- C:\Windows\is-S8QKV.exe

[2013.02.20 00:26:02 | 000,013,521 | ---- | C] () -- C:\Windows\is-S8QKV.msg

[2013.02.20 00:26:02 | 000,000,392 | ---- | C] () -- C:\Windows\is-S8QKV.lst

[2013.02.19 21:20:23 | 000,749,283 | ---- | C] () -- C:\Users\Anas\Desktop\Partielle Integration und Integration mit Substitution.pdf

[2013.02.17 19:52:59 | 000,015,920 | ---- | C] () -- C:\Users\Anas\Desktop\Koffer CAD Untere Plexiglasplatte.dxf~

[2013.02.17 19:43:29 | 000,017,200 | ---- | C] () -- C:\Users\Anas\Desktop\Koffer CAD Untere Plexiglasplatte.dxf

[2013.02.17 18:50:40 | 000,001,033 | ---- | C] () -- C:\Users\Anas\Desktop\LibreCAD.lnk

[2013.02.16 16:14:23 | 000,226,497 | ---- | C] () -- C:\Users\Anas\Desktop\Sicherung Krämer, Kekule und Keller.pdf

[2013.02.16 16:14:17 | 002,348,412 | ---- | C] () -- C:\Users\Anas\Desktop\Ewiges Leben.pdf

[2013.02.16 14:49:27 | 000,000,966 | ---- | C] () -- C:\Users\Anas\Desktop\Red Dot Forever.lnk

[2013.02.16 14:13:25 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

[2013.02.10 00:23:20 | 000,187,215 | R--- | C] () -- C:\Users\Anas\Desktop\All Of Me - Jon Schmidt.pdf

[2013.02.01 11:34:17 | 003,179,048 | ---- | C] () -- C:\Users\Anas\Desktop\HRS_Song_TravelDreams_long.mp3

[2013.01.27 10:11:06 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

[2012.10.12 20:35:52 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2012.09.05 22:39:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2012.08.15 02:41:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat

[2012.08.14 12:30:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll

[2012.08.14 12:17:47 | 000,001,607 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.08.14 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Arduino

[2013.02.16 15:06:23 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Audacity

[2012.08.14 22:50:47 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\DAEMON Tools Lite

[2013.02.16 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Dropbox

[2012.10.28 18:34:09 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\DVDVideoSoft

[2012.08.14 14:01:54 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.10.15 22:20:17 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\GoPro

[2013.01.19 12:46:26 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\MakeMusic

[2012.08.26 20:09:36 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\MAXON

[2012.08.14 22:49:09 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\OpenCandy

[2012.08.18 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Publish Providers

[2012.08.19 00:21:39 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Sony

[2012.10.07 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Sony Creative Software Inc

[2013.02.19 23:41:01 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Spotify

[2013.02.16 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Anas\AppData\Roaming\Synthesia

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:054203E4
 

< End of report >

--- --- ---

Das zweite Dokument hatte den Namen "Extras":OTL Logfile:

Code:

OTL Extras logfile created on: 20.02.2013 21:06:09 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anas\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,92 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,91% Memory free

7,84 Gb Paging File | 6,12 Gb Available in Paging File | 78,07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455,66 Gb Total Space | 267,38 Gb Free Space | 58,68% Space Free | Partition Type: NTFS

Drive E: | 620,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive J: | 1863,01 Gb Total Space | 238,39 Gb Free Space | 12,80% Space Free | Partition Type: NTFS

 

Computer Name: ANAS-VAIO | User Name: Anas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01B3561F-F651-4FAB-A4C3-F833ECEC3B83}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{0494401C-AA4C-4944-AFED-11CEE62C57CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0F084D36-174F-4E52-8427-CCEEF982483C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{11091E7A-0DF2-4A37-9894-DB3E36695F4A}" = lport=445 | protocol=6 | dir=in | app=system | 

"{12B8ACA9-D0D3-4DC6-892A-F863DAC63107}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{196EB233-94BC-48DE-9923-DD801D51E9D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{27B51EF6-70BB-469E-90D7-A91F02827BF7}" = lport=137 | protocol=17 | dir=in | app=system | 

"{32F446DF-DA9E-40AE-8700-6CA8F8D82767}" = rport=139 | protocol=6 | dir=out | app=system | 

"{4200F887-7A27-4BD8-B2DE-2D487332E2A0}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{4256B78C-754C-4435-88E9-555910B1B1B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{428F3CC5-B1E8-443D-8B06-68F5D601C369}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{554C046B-9A8A-44BE-B5DD-B30A88147546}" = rport=138 | protocol=17 | dir=out | app=system | 

"{625DA547-FF52-420C-8DDD-F0806EF318C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{6B080C0C-2CB7-42DD-B61C-F3EA4CB1614C}" = lport=138 | protocol=17 | dir=in | app=system | 

"{74012E98-30E5-4A2D-85F2-320E908704D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7D4EC2FF-9D92-4C40-84FC-6BFAE24D2822}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{8D8D4FF5-27F1-43F4-9B34-79FE846AA6FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{8DC35227-A4AE-463F-8346-2AC58CF4EB7F}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{A1575999-14D2-4BE1-B69E-9375F04DE131}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A461F19D-8AE4-4FA6-8CB1-EC0CE8CF65BC}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A60D1903-2DB2-4CB8-BBF8-50BC3D0709CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{AE2B557F-F43F-48AC-AC83-6DB8F43E255F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{B0862210-4316-4289-AA8C-0135D94FE8D9}" = lport=139 | protocol=6 | dir=in | app=system | 

"{BE7BF654-8C6E-4E91-BF12-FE005BBF33D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D5721666-E562-4BCB-8393-797613992F3A}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{E60D0919-4173-4BDC-9B7E-47C43713BB18}" = rport=137 | protocol=17 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04B74114-1378-4B24-897A-045EB6447C28}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{0B056D92-3D35-467F-AA0D-2FE879567167}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{11B6810C-FCBD-4AF6-A0F9-3851E55F25C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{159C434A-5F6A-472B-B9AA-AD51D21FF707}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{1772D8C1-9552-47E4-A92D-291D030DCF98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2769B337-C4EE-46EF-AF1C-5E086E4A50C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 

"{3B6E4EBD-4F92-4931-B0C5-B6D6CD94D6AE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{3DA11CC7-FB38-419D-9C4E-F54F9A6D7F77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{436F9226-43C6-4D1D-97D2-F40FD9798976}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{50E23006-4869-4F61-8A73-D80B5910B397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{57152EA0-5B07-4032-8C06-DA6F9EFB498A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{603D4700-2505-4B4E-95AE-F4BCA04118F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 

"{63CD7612-C751-4824-A0CB-D3857DA2DE7D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

"{76CD3645-D487-4CA9-BA02-85E3592EC497}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{777FDB8E-5D65-4806-8D78-A24B30DFF037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{85261C57-FE68-41F6-90EA-2E63E27BA766}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{8757E314-B271-485B-8B42-57909EF7020D}" = protocol=6 | dir=in | app=c:\users\anas\appdata\roaming\dropbox\bin\dropbox.exe | 

"{89A55E8A-CC47-48AA-B5F6-6028EE50369F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{970582C7-217F-460A-99B7-420618A19818}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{998CFC35-588F-41EF-9247-219A997B0BD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{A2F31FBE-6F55-42C1-A964-31A454063594}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{A6E0485E-B4DD-43F7-B581-8957140A60EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{AA0F95F4-A971-4D82-BB0A-0EB61365994D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{ABA6B33F-E49B-4CD0-9946-860E2966FF17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{AC0B2DCC-EA04-42FB-AA4E-6FB2EA79D40C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{ACF8BBD0-67CF-48C4-BF55-D6BE89D97102}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{B5F0B6C5-6EC2-4622-9D0C-EB94DB9ECF80}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 

"{BF7B2BA6-1F12-4FC1-96C4-C5368B1B4053}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{C1A7FDBB-B4BC-4760-921B-B4FAE21FC143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{C46FC089-ABA6-41B0-972E-AA5A36DE54E3}" = protocol=6 | dir=in | app=e:\easy_search.exe | 

"{C638052A-7D0E-4392-89D0-9C9EE1A72DEB}" = protocol=6 | dir=out | app=system | 

"{CEFB4C0D-54A1-4960-8F9D-C1D79A145A33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D0A28067-6420-484C-B22F-420355612A9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 

"{D80EB072-7CF7-4952-98AE-D22646BAE41D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{DA214E7A-2D53-4002-AD8D-9B9D22FB637B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{DB20E779-03C8-43DB-9FD7-A0524171A450}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{E7F2E4E1-3704-4205-ACB6-37F9FD3E752E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{F572A1CD-6A4E-4CB9-B200-B99E7B3AE9FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 

"{F9C44456-6BE4-47D1-8066-512556FF6158}" = protocol=17 | dir=in | app=c:\users\anas\appdata\roaming\dropbox\bin\dropbox.exe | 

"{FCEBDA82-51DA-47CB-A651-195D1820DB7B}" = protocol=17 | dir=in | app=e:\easy_search.exe | 

"TCP Query User{2122D602-BAA8-4DE2-BD3C-52C7DC8418D0}C:\users\anas\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\anas\appdata\roaming\spotify\spotify.exe | 

"TCP Query User{42A93F32-747C-42AB-99CF-D378DF3A7A1C}C:\users\anas\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\anas\appdata\roaming\spotify\spotify.exe | 

"TCP Query User{BD153E64-44BB-40ED-9304-EFC25B2D83F9}E:\clicknconnect.exe" = protocol=6 | dir=in | app=e:\clicknconnect.exe | 

"TCP Query User{CD8C102A-83F5-4249-B893-D35FE4D2A099}E:\easy_search.exe" = protocol=6 | dir=in | app=e:\easy_search.exe | 

"TCP Query User{D209213D-4B65-4D92-B274-930957D677B4}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"UDP Query User{167EB2E8-FDEE-46E0-B4AD-19DF24E0B803}C:\users\anas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\anas\appdata\roaming\spotify\spotify.exe | 

"UDP Query User{3505D1C8-6B77-4E76-9A45-8CB61FF8D238}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"UDP Query User{5F3C6E91-C788-4DC5-ABBE-367610C18247}C:\users\anas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\anas\appdata\roaming\spotify\spotify.exe | 

"UDP Query User{63D47779-3A36-4A10-9FAC-44A5F6D3035D}E:\clicknconnect.exe" = protocol=17 | dir=in | app=e:\clicknconnect.exe | 

"UDP Query User{8E74D9EC-F9FC-448E-856F-285324B7CDFB}E:\easy_search.exe" = protocol=17 | dir=in | app=e:\easy_search.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)

"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)

"{27225900-26A4-11E1-9C98-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)

"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64

"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software

"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst

"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )

"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)

"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)

"MAXONFB05E576" = CINEMA 4D 13.016

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Drivers" = NVIDIA Drivers

"ProInst" = Intel PROSet Wireless

"VLC media player" = VLC media player 2.0.2

"WinRAR archiver" = WinRAR 4.20 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings

"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)

"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11

"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool

"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care

"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{436A5F3E-8944-4128-8E1A-B09CB1D3AAB4}" = eMedia Starter Keyboard Lessons

"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager

"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool

"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data

"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD

"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer

"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{70991E0A-1108-437E-BA7D-085702C670C0}" = 

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{75ED9EBF-EB3E-4896-BB94-DB2830BCF099}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2

"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung

"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide

"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus

"{8FA63AA5-7138-4B6F-8404-F18835E2B8F4}" = Media Gallery

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie

"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 

"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86

"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics

"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update

"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen

"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager

"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation

"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch

"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default

"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library

"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86

"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents

"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver

"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery

"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 

"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Audacity_is1" = Audacity 2.0.3

"Avira AntiVir Desktop" = Avira Free Antivirus

"DAEMON Tools Lite" = DAEMON Tools Lite

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Finale NotePad 2012" = Finale NotePad 2012

"Free Studio_is1" = Free Studio version 5.6.3.706

"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.0

"HotspotShield" = Hotspot Shield 2.87

"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)

"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)

"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide

"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"MarketingTools" = VAIO Marketing Tools

"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Red Dot Forever_is1" = Red Dot Forever 1.04

"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"Synthesia" = Synthesia (remove only)

"VAIO Help and Support" = 

"VAIO Premium Partners" = VAIO Premium Partners

"VAIO screensaver" = VAIO screensaver

"VLC media player" = VLC media player 2.0.5

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Spotify" = Spotify

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 04.01.2013 05:45:00 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

Error - 04.01.2013 05:45:00 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

Error - 04.01.2013 05:45:01 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

Error - 04.01.2013 05:45:01 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

Error - 04.01.2013 05:45:01 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

Error - 04.01.2013 05:45:01 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

Error - 04.01.2013 05:45:02 | Computer Name = Anas-VAIO | Source = hshld | ID = 10106

Description = 

 

Error - 04.01.2013 05:45:16 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

Error - 04.01.2013 05:45:17 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

Error - 04.01.2013 05:45:17 | Computer Name = Anas-VAIO | Source = hshld | ID = 10103

Description = 

 

[ System Events ]

Error - 15.02.2013 15:22:36 | Computer Name = ANAS-VAIO | Source = BugCheck | ID = 1001

Description = 

 

Error - 15.02.2013 15:22:47 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Roxio Upnp Server 10 erreicht.

 

Error - 15.02.2013 15:23:14 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   hola_net

 

Error - 15.02.2013 15:42:51 | Computer Name = Anas-VAIO | Source = BROWSER | ID = 8032

Description = 

 

Error - 15.02.2013 16:39:59 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Steam Client Service erreicht.

 

Error - 15.02.2013 16:39:59 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 16.02.2013 12:38:47 | Computer Name = Anas-VAIO | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?16.?02.?2013 um 16:36:49 unerwartet heruntergefahren.

 

Error - 16.02.2013 12:38:47 | Computer Name = ANAS-VAIO | Source = BugCheck | ID = 1001

Description = 

 

Error - 16.02.2013 12:39:02 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Roxio Upnp Server 10 erreicht.

 

Error - 16.02.2013 12:39:24 | Computer Name = Anas-VAIO | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   hola_net

 

 

< End of report >

--- --- ---

Zum Schluss noch die Gmer Datei:

GMER Logfile:

Code:

GMER 2.1.18952 - hxxp://www.gmer.net

Rootkit scan 2013-02-20 23:33:57

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB

Running: GMER_2.1.18952.exe; Driver: C:\Users\Anas\AppData\Local\Temp\kxliypoc.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text   C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000075a61465 2 bytes [A6, 75]

.text   C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                       0000000075a614bb 2 bytes [A6, 75]

.text   ...                                                                                                                                                                                      * 2

.text   C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075a61465 2 bytes [A6, 75]

.text   C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 0000000075a614bb 2 bytes [A6, 75]

.text   ...                                                                                                                                                                                      * 2

.text   C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000075a61465 2 bytes [A6, 75]

.text   C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000075a614bb 2 bytes [A6, 75]

.text   ...                                                                                                                                                                                      * 2

.text   C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000075a61465 2 bytes [A6, 75]

.text   C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000075a614bb 2 bytes [A6, 75]

.text   ...                                                                                                                                                                                      * 2

.text   C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000075a61465 2 bytes [A6, 75]

.text   C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000075a614bb 2 bytes [A6, 75]

.text   ...                                                                                                                                                                                      * 2
 

---- Threads - GMER 2.1 ----
 

Thread  C:\Windows\SysWOW64\ntdll.dll [1668:1672]                                                                                                                                                0000000000a9ce26

Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3500]                                                                                                                                                000000001000e2eb

Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3584]                                                                                                                                                00000000017b66e0

Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3588]                                                                                                                                                00000000017b66e0

Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3592]                                                                                                                                                00000000017b66e0

Thread  C:\Windows\SysWOW64\ntdll.dll [1668:3596]                                                                                                                                                00000000017b2560

Thread   [1244:2056]                                                                                                                                                                             0000000075022ffc

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5204:5776]                                                                                                                           000007fefc282a7c
 

---- Registry - GMER 2.1 ----
 

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d49816                                                                                                              

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ea4886                                                                                                              

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ea4886@90cf159e1067                                                                                                 0x48 0x42 0x6F 0xA3 ...

Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d49816 (not active ControlSet)                                                                                          

Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ea4886 (not active ControlSet)                                                                                          

Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ea4886@90cf159e1067                                                                                                     0x48 0x42 0x6F 0xA3 ...

Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Anas\Desktop\Christal\xb4s Twixtor OFX Sony Vegas\Twixtor5.11OFXInstall.exe  1
 

---- EOF - GMER 2.1 ----

--- --- ---

Virustotal

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen
Kopiere nun folgendes in die Suchleiste.

Code:

C:\Windows\is-S8QKV.exe
und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse. Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Hallo,

DANKE nochmal für die Hilfe:

Hier ist der Link zum Bericht von virustotal:

https://www.virustotal.com/de/file/d0b9d679c4713fb100205f861cc8c32f54f0f7133093c9f1d244bf71b1ce3379/analysis/1361474381/

Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
ist der Trojaner jetzt weg und mein PC "clean"?
hier ist der Log von Combofix
Combofix Logfile:

Code:

ComboFix 13-02-22.01 - Anas 22.02.2013  17:35:17.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4014.1206 [GMT 1:00]

ausgeführt von:: c:\users\Anas\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\dsgsdgdsgdsgw.pad

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-01-22 bis 2013-02-22  ))))))))))))))))))))))))))))))

.

.

2013-02-22 16:40 . 2013-02-22 16:40        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-02-19 23:26 . 2013-02-19 23:26        710504        ----a-w-        c:\windows\is-S8QKV.exe

2013-02-18 06:28 . 2013-02-18 22:17        --------        d-----w-        c:\users\Anas\AppData\Roaming\Skype

2013-02-18 06:28 . 2013-02-18 06:28        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2013-02-18 06:28 . 2013-02-18 06:28        --------        d-----r-        c:\program files (x86)\Skype

2013-02-18 06:28 . 2013-02-18 06:28        --------        d-----w-        c:\programdata\Skype

2013-02-17 17:50 . 2013-02-17 17:50        --------        d-----w-        c:\program files (x86)\LibreCAD

2013-02-16 13:49 . 2013-02-16 13:49        --------        d-----w-        c:\program files (x86)\Red Dot Forever

2013-02-16 13:13 . 2013-02-16 14:06        --------        d-----w-        c:\users\Anas\AppData\Roaming\Audacity

2013-02-16 13:13 . 2013-02-16 13:13        --------        d-----w-        c:\program files (x86)\Audacity

2013-02-13 02:02 . 2013-01-09 01:10        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 02:02 . 2013-01-08 22:01        768000        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 23:17 . 2013-01-05 05:53        5553512        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-02-12 23:17 . 2013-01-05 05:00        3967848        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-02-12 23:17 . 2013-01-05 05:00        3913064        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-02-12 23:16 . 2013-01-04 03:26        3153408        ----a-w-        c:\windows\system32\win32k.sys

2013-02-12 23:16 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll

2013-02-12 23:16 . 2013-01-04 04:51        5120        ----a-w-        c:\windows\SysWow64\wow32.dll

2013-02-12 23:16 . 2013-01-04 02:47        25600        ----a-w-        c:\windows\SysWow64\setup16.exe

2013-02-12 23:16 . 2013-01-04 02:47        7680        ----a-w-        c:\windows\SysWow64\instnm.exe

2013-02-12 23:16 . 2013-01-04 02:47        2048        ----a-w-        c:\windows\SysWow64\user.exe

2013-02-12 23:16 . 2013-01-04 02:47        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll

2013-02-12 23:16 . 2013-01-03 06:00        1913192        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-02-12 23:16 . 2013-01-03 06:00        288088        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-12 20:51 . 2013-02-12 20:51        42184        ----a-w-        c:\windows\system32\drivers\hssdrv6.sys

2013-02-11 20:59 . 2013-02-11 20:59        86384        ----a-w-        c:\windows\system32\drivers\hola_net.sys

2013-02-11 20:59 . 2013-02-11 20:59        86128        ----a-w-        c:\windows\system32\drivers\hola_mon_drv.sys

2013-02-11 20:59 . 2013-02-11 20:59        565488        ----a-w-        c:\windows\system32\drivers\hola_drv.sys

2013-02-11 20:59 . 2013-02-11 21:00        --------        d-----w-        c:\program files\Hola

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-13 02:06 . 2012-12-24 07:28        70004024        ----a-w-        c:\windows\system32\MRT.exe

2013-02-09 22:25 . 2012-08-14 12:52        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-09 22:25 . 2012-08-14 12:52        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-12 02:30 . 2013-01-21 05:54        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-10 19:44 . 2013-01-10 19:44        42184        ----a-w-        c:\windows\system32\drivers\taphss6.sys

2013-01-04 04:43 . 2013-02-12 23:16        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2012-12-24 07:24 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll

2012-12-24 07:24 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll

2012-12-16 17:11 . 2012-12-21 12:10        46080        ----a-w-        c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 12:10        367616        ----a-w-        c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 12:10        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 12:10        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2012-12-14 15:49 . 2012-08-14 13:28        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-12-07 13:20 . 2013-01-09 01:34        441856        ----a-w-        c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 01:34        2746368        ----a-w-        c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 01:34        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 01:34        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 01:34        30720        ----a-w-        c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 01:34        43520        ----a-w-        c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 01:34        23552        ----a-w-        c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 01:34        45568        ----a-w-        c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 01:34        44544        ----a-w-        c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 01:34        46592        ----a-w-        c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 01:34        40960        ----a-w-        c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 01:34        21504        ----a-w-        c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 01:34        15360        ----a-w-        c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 01:34        55296        ----a-w-        c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 01:34        51712        ----a-w-        c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 01:34        43520        ----a-w-        c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 01:34        30720        ----a-w-        c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 01:34        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 01:34        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 01:34        23552        ----a-w-        c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 01:34        46592        ----a-w-        c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 01:34        21504        ----a-w-        c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 01:34        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 01:34        15360        ----a-w-        c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 01:34        55296        ----a-w-        c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 01:34        51712        ----a-w-        c:\windows\SysWow64\esrb.rs

2012-11-30 05:45 . 2013-01-09 01:34        362496        ----a-w-        c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 01:34        243200        ----a-w-        c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 01:34        13312        ----a-w-        c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-09 01:34        16384        ----a-w-        c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 01:34        424448        ----a-w-        c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 01:34        1161216        ----a-w-        c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-11-30 04:53 . 2013-01-09 01:34        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll

2012-11-30 04:45 . 2013-01-09 01:34        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2013-02-12 19:39        233288        ----a-w-        c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\Anas\AppData\Roaming\Spotify\Spotify.exe" [2012-10-28 7880664]

"Spotify Web Helper"="c:\users\Anas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-14 1597864]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]

"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2012-08-14 26624]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]

"InnoSetupRegFile.0000000001"="c:\windows\is-S8QKV.exe" [2013-02-19 710504]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-11-30 17:20        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

.

R1 hola_net;Hola Fast Internet Adapter;c:\windows\system32\DRIVERS\hola_net.sys [2013-02-11 86384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]

R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2012-06-04 27336]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2012-06-04 71680]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-14 283200]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-02-12 42184]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-02-13 536360]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-02-13 389928]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - KXLIYPOC

*Deregistered* - kxliypoc

.

Inhalt des "geplante Tasks" Ordners

.

2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 22:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        162552        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        162552        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        162552        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        162552        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-08-14 171520]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=hp&babsrc=lnkry_nt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = http=127.0.0.1:8555

uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896

uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Free YouTube Download - c:\users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{46404E14-D2C3-472A-B130-FF70D7B0BC92}: NameServer = 8.8.8.8

FF - ProfilePath - c:\users\Anas\AppData\Roaming\Mozilla\Firefox\Profiles\exvch0v7.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/

FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-02-22  17:42:51

ComboFix-quarantined-files.txt  2013-02-22 16:42

.

Vor Suchlauf: 13 Verzeichnis(se), 295.002.652.672 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 295.533.133.824 Bytes frei

.

- - End Of File - - 7D8BE04AE90BD69F2A09808DA60E9707

--- --- ---

Zitat:

uInternet Settings,ProxyServer = http=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896

Hast du diese Proxy-Daten eingegeben?

nein, wo hätte ich die denn eingeben sollen?

Schritt 1: CF-Script

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

DDS::

uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=hp&babsrc=lnkry_nt

uInternet Settings,ProxyServer = http=127.0.0.1:8555

uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896

uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

FIREFOX::

FF - ProfilePath - c:\users\Anas\AppData\Roaming\Mozilla\Firefox\Profiles\exvch0v7.default\

FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q=

.

CLEARJAVACACHE::

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

http://i266.photobucket.com/albums/i.../CFScriptB.gif

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 2: MBAM

Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

COMBOFIX.TXT:

Combofix Logfile:

Code:

ComboFix 13-02-13.02 - Anas 27.02.2013  18:07:06.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4014.2176 [GMT 1:00]

ausgeführt von:: c:\users\Anas\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Anas\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-01-27 bis 2013-02-27  ))))))))))))))))))))))))))))))

.

.

2013-02-27 17:11 . 2013-02-27 17:11        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-02-26 23:12 . 2013-02-26 23:12        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1ED3009-1900-4777-AF50-ED573E8BC9BF}\offreg.dll

2013-02-26 11:56 . 2013-02-19 02:57        9162192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1ED3009-1900-4777-AF50-ED573E8BC9BF}\mpengine.dll

2013-02-25 15:53 . 2013-02-25 15:53        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-23 10:45 . 2013-01-17 00:28        273840        ------w-        c:\windows\system32\MpSigStub.exe

2013-02-19 23:26 . 2013-02-19 23:26        710504        ----a-w-        c:\windows\is-S8QKV.exe

2013-02-18 06:28 . 2013-02-18 22:17        --------        d-----w-        c:\users\Anas\AppData\Roaming\Skype

2013-02-18 06:28 . 2013-02-18 06:28        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2013-02-18 06:28 . 2013-02-18 06:28        --------        d-----r-        c:\program files (x86)\Skype

2013-02-18 06:28 . 2013-02-18 06:28        --------        d-----w-        c:\programdata\Skype

2013-02-17 17:50 . 2013-02-17 17:50        --------        d-----w-        c:\program files (x86)\LibreCAD

2013-02-16 13:49 . 2013-02-16 13:49        --------        d-----w-        c:\program files (x86)\Red Dot Forever

2013-02-16 13:13 . 2013-02-16 14:06        --------        d-----w-        c:\users\Anas\AppData\Roaming\Audacity

2013-02-16 13:13 . 2013-02-16 13:13        --------        d-----w-        c:\program files (x86)\Audacity

2013-02-15 22:31 . 2013-02-15 22:31        186432        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-13 02:02 . 2013-01-09 01:10        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 02:02 . 2013-01-08 22:01        768000        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 23:17 . 2013-01-05 05:53        5553512        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-02-12 23:17 . 2013-01-05 05:00        3967848        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-02-12 23:17 . 2013-01-05 05:00        3913064        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-02-12 23:16 . 2013-01-04 03:26        3153408        ----a-w-        c:\windows\system32\win32k.sys

2013-02-12 23:16 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll

2013-02-12 23:16 . 2013-01-04 04:51        5120        ----a-w-        c:\windows\SysWow64\wow32.dll

2013-02-12 23:16 . 2013-01-04 02:47        25600        ----a-w-        c:\windows\SysWow64\setup16.exe

2013-02-12 23:16 . 2013-01-04 02:47        7680        ----a-w-        c:\windows\SysWow64\instnm.exe

2013-02-12 23:16 . 2013-01-04 02:47        2048        ----a-w-        c:\windows\SysWow64\user.exe

2013-02-12 23:16 . 2013-01-04 02:47        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll

2013-02-12 23:16 . 2013-01-03 06:00        1913192        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-02-12 23:16 . 2013-01-03 06:00        288088        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-12 20:51 . 2013-02-12 20:51        42184        ----a-w-        c:\windows\system32\drivers\hssdrv6.sys

2013-02-11 20:59 . 2013-02-11 20:59        86384        ----a-w-        c:\windows\system32\drivers\hola_net.sys

2013-02-11 20:59 . 2013-02-11 20:59        86128        ----a-w-        c:\windows\system32\drivers\hola_mon_drv.sys

2013-02-11 20:59 . 2013-02-11 20:59        565488        ----a-w-        c:\windows\system32\drivers\hola_drv.sys

2013-02-11 20:59 . 2013-02-11 21:00        --------        d-----w-        c:\program files\Hola

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-26 23:25 . 2012-08-14 12:52        71024        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-26 23:25 . 2012-08-14 12:52        691568        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-25 15:53 . 2012-08-14 12:17        861088        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll

2013-02-25 15:53 . 2012-08-14 12:17        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-02-13 02:06 . 2012-12-24 07:28        70004024        ----a-w-        c:\windows\system32\MRT.exe

2013-01-10 19:44 . 2013-01-10 19:44        42184        ----a-w-        c:\windows\system32\drivers\taphss6.sys

2013-01-04 04:43 . 2013-02-12 23:16        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2012-12-24 07:24 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll

2012-12-24 07:24 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll

2012-12-16 17:11 . 2012-12-21 12:10        46080        ----a-w-        c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 12:10        367616        ----a-w-        c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 12:10        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 12:10        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2012-12-14 15:49 . 2012-08-14 13:28        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-12-07 13:20 . 2013-01-09 01:34        441856        ----a-w-        c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 01:34        2746368        ----a-w-        c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 01:34        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 01:34        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 01:34        30720        ----a-w-        c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 01:34        43520        ----a-w-        c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 01:34        23552        ----a-w-        c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 01:34        45568        ----a-w-        c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 01:34        44544        ----a-w-        c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 01:34        46592        ----a-w-        c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 01:34        40960        ----a-w-        c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 01:34        21504        ----a-w-        c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 01:34        15360        ----a-w-        c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 01:34        55296        ----a-w-        c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 01:34        51712        ----a-w-        c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 01:34        43520        ----a-w-        c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 01:34        30720        ----a-w-        c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 01:34        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 01:34        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 01:34        23552        ----a-w-        c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 01:34        46592        ----a-w-        c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 01:34        20480        ----a-w-        c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 01:34        21504        ----a-w-        c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 01:34        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 01:34        15360        ----a-w-        c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 01:34        55296        ----a-w-        c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 01:34        51712        ----a-w-        c:\windows\SysWow64\esrb.rs

2012-11-30 05:45 . 2013-01-09 01:34        362496        ----a-w-        c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 01:34        243200        ----a-w-        c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 01:34        13312        ----a-w-        c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-09 01:34        16384        ----a-w-        c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 01:34        424448        ----a-w-        c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 01:34        1161216        ----a-w-        c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-11-30 04:53 . 2013-01-09 01:34        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll

2012-11-30 04:45 . 2013-01-09 01:34        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 01:34        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2013-02-12 19:39        233288        ----a-w-        c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\Anas\AppData\Roaming\Spotify\Spotify.exe" [2012-10-28 7880664]

"Spotify Web Helper"="c:\users\Anas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-14 1597864]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]

"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2012-08-14 26624]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2012-07-03 232368]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]

"InnoSetupRegFile.0000000001"="c:\windows\is-S8QKV.exe" [2013-02-19 710504]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-11-30 17:20        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

.

R1 hola_net;Hola Fast Internet Adapter;c:\windows\system32\DRIVERS\hola_net.sys [2013-02-11 86384]

R2 AviraUpgradeService;Avira Upgrade Service;c:\windows\TEMP\AVSETUP_51289767\avupgsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]

R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2012-06-04 27336]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2012-06-04 71680]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-14 283200]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-02-12 42184]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-02-13 536360]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-02-13 389928]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - KXLIYPOC

*Deregistered* - kxliypoc

.

Inhalt des "geplante Tasks" Ordners

.

2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 23:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        162552        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        162552        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        162552        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        162552        ----a-w-        c:\users\Anas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-08-14 171520]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8e219849-c80e-4ad0-b7c7-df6543a56cd1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Free YouTube Download - c:\users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\users\Anas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{46404E14-D2C3-472A-B130-FF70D7B0BC92}: NameServer = 8.8.8.8

FF - ProfilePath - c:\users\Anas\AppData\Roaming\Mozilla\Firefox\Profiles\exvch0v7.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-AVSetupPending - c:\windows\TEMP\AVSETUP_51289767\SetupPending.exe

AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-02-27  18:13:13

ComboFix-quarantined-files.txt  2013-02-27 17:13

ComboFix2.txt  2013-02-22 16:42

.

Vor Suchlauf: 15 Verzeichnis(se), 295.133.982.720 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 295.234.732.032 Bytes frei

.

- - End Of File - - C7F0976B5E817F7198F4B526B0EE0FA0

--- --- ---

MBAM sagte mir:

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.02.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anas :: ANAS-VAIO [Administrator]

27.02.2013 18:23:28
mbam-log-2013-02-27 (18-23-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211359
Laufzeit: 2 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Sieht ganz gut aus - kontrollieren wir alles nochmal! :)

Schritt 1: MBAM vollständig

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo,

also mit MBAM hab ich das alles nochmal so gemacht:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.02.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anas :: ANAS-VAIO [Administrator]

Schutz: Aktiviert

28.02.2013 17:05:54
mbam-log-2013-02-28 (17-05-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381347
Laufzeit: 52 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Aber beim ESET Online Scanner gab es keinen Button. Nachdem EINMAL (!) Start gedrückt habe, hat der direkt Aktualisiert etc. und auch sofort angefangen zu scannen. Anschließend zeigte der mir zum Schluss nur einmal an, dass er nichts gefunden hat. Da stand dann so etwas wie: "Keine infizierte Dateien" oder ähnliches. Aber der einzige Button, denn ich da drücken konnte war "Finish". Vielleicht haben die das Programm aktualisiert?

SecurityCheck

Downloade Dir bitte SecurityCheck von einem der folgenden Links:
LINK1 LINK2

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.