| |
| |||||||
Log-Analyse und Auswertung: online cyber police trojaner soweit entfernt.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.08.2012, 13:46
| #1 |
| |  online cyber police trojaner soweit entfernt. Hallo, ich hatte den BKA-Trojaner. Habe mich hier informiert, und es mit den angegebenen Software Tipps usw entfernt. Vielen Dank für den Support hier echt Klasse! Wollte jetzt nur kurz mal mein otl log und adwc log posten. Vielleicht schaut jemand kurz drüber ob so alles richtig verlaufen ist bei mir!? Sollte ich alle Viren Trojaner usw aus der Malware-Quarantäne löschen? Vielen Dank für die Hilfe All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Unable to set value : HKEY_USERS\S-1-5-21-2686764023-490896463-1507359050-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E! Unable to set value : HKU\S-1-5-21-2686764023-490896463-1507359050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E! 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate not found. File C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe not found. Registry key HKEY_USERS\S-1-5-21-2686764023-490896463-1507359050-1000\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found. Registry key HKEY_USERS\S-1-5-21-2686764023-490896463-1507359050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File D:\AUTORUN.INF not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32041104-cfbb-11e0-af78-b870f4837362}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32041104-cfbb-11e0-af78-b870f4837362}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32041104-cfbb-11e0-af78-b870f4837362}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32041104-cfbb-11e0-af78-b870f4837362}\ not found. File move failed. E:\AutoRun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{921a44bb-872d-11e0-ab35-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{921a44bb-872d-11e0-ab35-806e6f6e6963}\ not found. File C:\ProgramData\00etadpu.pad not found. Unable to delete ADS C:\ProgramData\Temp:5D458568 . File C:\Users\Ole\Documents\cc_20120811_033845.reg not found. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Chris Gohl\Desktop\cmd.bat deleted successfully. C:\Users\Chris Gohl\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator User: All Users User: Chris Gohl ->Temp folder emptied: 421751 bytes ->Temporary Internet Files folder emptied: 255013 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 14190243 bytes ->Flash cache emptied: 5975 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: tropico %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 14,00 mb [EMPTYFLASH] User: Administrator User: All Users User: Chris Gohl ->Flash cache emptied: 0 bytes User: Default User: Default User User: postgres User: Public User: tropico Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.57.0 log created on 08122012_102508 Files\Folders moved on Reboot... File move failed. E:\AutoRun.exe scheduled to be moved on reboot. C:\Users\Chris Gohl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... [2012.02.23 19:07:18 | 001,594,696 | R--- | M] () E:\AutoRun.exe : MD5=A4E3E2B0A1FE1F89CB8CE918FC60EDD8 File C:\Users\Chris Gohl\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... # AdwCleaner v1.800 - Logfile created 08/12/2012 at 14:29:59 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Chris Gohl - CHRISGOHLPC # Running from : C:\Users\Chris Gohl\Desktop\virenbekaepmfung\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Chris Gohl\AppData\Local\Babylon Folder Found : C:\Users\Chris Gohl\AppData\Roaming\Babylon Folder Found : C:\Users\Chris Gohl\AppData\Roaming\Mozilla\Firefox\Profiles\a5qv1086.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Folder Found : C:\Program Files (x86)\DealPly Folder Found : C:\Program Files (x86)\vShare.tv plugin File Found : C:\Users\Chris Gohl\AppData\Roaming\Mozilla\Firefox\Profiles\a5qv1086.default\searchplugins\Startsear.xml File Found : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** Key Found : HKCU\Software\Ask.com.tmp Key Found : HKCU\Software\BabylonToolbar Key Found : HKCU\Software\DealPly Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Found : HKCU\Software\StartSearch Key Found : HKLM\SOFTWARE\Babylon Key Found : HKLM\SOFTWARE\BabylonToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\b Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Found : HKLM\SOFTWARE\DealPly Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly [x64] Key Found : HKCU\Software\Ask.com.tmp [x64] Key Found : HKCU\Software\BabylonToolbar [x64] Key Found : HKCU\Software\DealPly [x64] Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje [x64] Key Found : HKCU\Software\StartSearch [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE [x64] Key Found : HKLM\SOFTWARE\Classes\b [x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd [x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 [x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore [x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 [x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc [x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=109958&babsrc=HP_ss&mntrId=e01c78920000000000008c89a52cbb65 -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Chris Gohl\AppData\Roaming\Mozilla\Firefox\Profiles\a5qv1086.default\prefs.js Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Found : user_pref("browser.search.defaultengine", "Web Search"); Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Found : user_pref("browser.search.order.1", "Search the web (Babylon)"); Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958"); Found : user_pref("extensions.BabylonToolbar_i.hardId", "e01c78920000000000008c89a52cbb65"); Found : user_pref("extensions.BabylonToolbar_i.id", "e01c78920000000000008c89a52cbb65"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15460"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.newTab", true); Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=NT_s[...] Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:18:57"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); ************************* AdwCleaner[R1].txt - [14390 octets] - [12/08/2012 14:29:59] ########## EOF - C:\AdwCleaner[R1].txt - [14519 octets] ########## |
|
13.08.2012, 15:55
| #2 |
| /// Helfer-Team  | online cyber police trojaner soweit entfernt. Warum fuehrst du Fixes aus die nicht fuer deinen PC sind? Willst du dein Windows schrotten? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
14.08.2012, 18:22
| #3 |
| | online cyber police trojaner soweit entfernt. Hallo,
__________________vielen Dank für die Anwort. Leider bin Ich in dem Thema nicht so fit. Habe das mit den Fixes, das es für jeden PC anders ist zu spät gelesen. Hier mein Malwarebytes Bericht. Besten Dank! Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.14.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Chris Gohl :: CHRISGOHLPC [Administrator] Schutz: Deaktiviert 14.08.2012 18:46:57 mbam-log-2012-08-14 (19-17-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 398104 Laufzeit: 29 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 8 C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) Hier mein OTL BerichtOTL Logfile: Code:
ATTFilter OTL logfile created on: 14.08.2012 19:26:47 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Chris Gohl\Desktop\virenbekaepmfung 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 58,21% Memory free 7,49 Gb Paging File | 5,46 Gb Available in Paging File | 72,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,75 Gb Total Space | 389,92 Gb Free Space | 83,72% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 867,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: CHRISGOHLPC | User Name: Chris Gohl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Chris Gohl\Desktop\virenbekaepmfung\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion\tbhcn.exe () PRC - C:\Users\Chris Gohl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion\tbhcn.exe () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated) DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.) DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\drivers\xhcdrv.sys (VIA Technologies, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.) DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic) DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic) DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV:64bit: - (Si3124r5) -- C:\Windows\SysNative\drivers\Si3124r5.sys (Silicon Image, Inc) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (adp3132) -- C:\Windows\SysNative\drivers\adp3132.sys (Adaptec, Inc.) DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\drivers\nvamacpi.sys (NVIDIA Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (MtsHID) -- C:\Windows\SysNative\drivers\MtsHID.sys (TechniSat Provide) DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (PciIsaSerial) -- C:\Windows\SysNative\drivers\PciIsaSerial.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (PciPPorts) -- C:\Windows\SysNative\drivers\PciPPorts.sys () DRV:64bit: - (PciSPorts) -- C:\Windows\SysNative\drivers\PciSPorts.sys () DRV:64bit: - (SPorts) -- C:\Windows\SysNative\drivers\SPorts.sys () DRV:64bit: - (PPorts) -- C:\Windows\SysNative\drivers\PPorts.sys () DRV:64bit: - (ISASerial) -- C:\Windows\SysNative\drivers\ISASerial.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices) DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{C0803229-B341-47BE-A6C0-04A9AA6F4BED}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4 IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 83 09 C0 B5 77 CC 01 [binary data] IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9} IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=e01c78920000000000008c89a52cbb65 IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes\{FEEF2A39-2E1A-4467-874A-7D86993F273B}: "URL" = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=867 IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.softonic.com/?q=" FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris Gohl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 19:51:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.22 12:08:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 15:08:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.23 21:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Gohl\AppData\Roaming\mozilla\Extensions [2012.08.12 15:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions [2011.12.06 21:43:31 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.08.12 14:58:42 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\bbrs_002@blabbers.com [2012.08.12 15:00:19 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\ffxtlbra@softonic.com [2012.03.20 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.19 19:51:35 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.17 23:39:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2012.06.08 21:20:58 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.30 17:18:53 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.08 21:20:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.08 21:20:58 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.08 21:20:58 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.08 21:20:58 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.08 21:20:58 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2305627889-194127990-4041925611-1000..\Run: [liadkdmducpgfww] C:\ProgramData\liadkdmd.exe File not found O4 - HKU\S-1-5-21-2305627889-194127990-4041925611-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2305627889-194127990-4041925611-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris Gohl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) O4 - Startup: C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion\tbhcn.exe () O7 - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F31A98F-5FDB-4B2D-A81F-AF65F830461D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.02.23 19:07:18 | 001,594,696 | R--- | M] () - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2012.02.23 18:51:58 | 000,000,080 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{74005528-e2ed-11e0-b886-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{74005528-e2ed-11e0-b886-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2012.02.23 19:07:18 | 001,594,696 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.13 21:28:36 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris Gohl\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.12 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Local\Messenger_Plus_Live [2012.08.12 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion [2012.08.12 14:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic [2012.08.12 13:16:17 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\Desktop\virenbekaepmfung [2012.08.12 09:50:20 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Roaming\Malwarebytes [2012.08.12 09:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.12 09:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.12 09:50:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.12 09:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.12 09:35:11 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.12 01:03:16 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Roaming\Unity [2012.08.11 08:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\wfebcskpubwjsyn [2012.08.09 09:13:00 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Local\Macromedia [2012.08.09 09:12:09 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.08 18:00:40 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Roaming\Party [2012.08.05 21:27:02 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Roaming\Mozilla-Cache [2012.08.05 21:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker [2012.08.05 21:25:45 | 000,000,000 | ---D | C] -- C:\Programs [2012.08.05 02:30:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.26 18:39:22 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\Desktop\drucken [2012.07.19 17:01:55 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Local\PokerStars.EU ========== Files - Modified Within 30 Days ========== [2012.08.14 19:26:42 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.14 19:26:42 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.14 19:18:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.14 19:18:43 | 3018,448,896 | -HS- | M] () -- C:\hiberfil.sys [2012.08.13 21:28:49 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris Gohl\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.13 10:08:51 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.13 10:08:51 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.13 10:08:51 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.13 10:08:51 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.13 10:08:51 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.12 14:58:42 | 000,002,140 | ---- | M] () -- C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk [2012.08.12 14:58:34 | 000,071,815 | ---- | M] () -- C:\Users\Chris Gohl\Desktop\klwk[1].zip [2012.08.12 14:56:44 | 000,000,407 | ---- | M] () -- C:\user.js [2012.08.12 14:56:34 | 000,071,815 | ---- | M] () -- C:\Users\Chris Gohl\Desktop\klwk.zip [2012.08.11 08:13:12 | 000,000,051 | ---- | M] () -- C:\ProgramData\vryyzpmkislijnf [2012.08.09 10:11:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.09 10:11:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.06 20:47:04 | 102,539,892 | ---- | M] () -- C:\Users\Chris Gohl\Desktop\E-PUNk@CLIMAX 19.07.2012.mp3 [2012.08.05 21:26:30 | 000,001,695 | ---- | M] () -- C:\Users\Chris Gohl\Desktop\PartyPoker.lnk [2012.08.03 00:43:42 | 000,073,014 | ---- | M] () -- C:\Users\Chris Gohl\Desktop\wallpaper_3.jpg [2012.07.21 13:55:12 | 000,014,414 | ---- | M] () -- C:\Users\Chris Gohl\Desktop\passwörter.odt [2012.07.16 18:15:43 | 000,100,939 | ---- | M] () -- C:\Users\Chris Gohl\Desktop\hiphop.jpg ========== Files Created - No Company Name ========== [2012.08.12 14:58:42 | 000,002,140 | ---- | C] () -- C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk [2012.08.12 14:58:33 | 000,071,815 | ---- | C] () -- C:\Users\Chris Gohl\Desktop\klwk[1].zip [2012.08.12 14:56:33 | 000,071,815 | ---- | C] () -- C:\Users\Chris Gohl\Desktop\klwk.zip [2012.08.11 08:13:07 | 000,000,051 | ---- | C] () -- C:\ProgramData\vryyzpmkislijnf [2012.08.06 20:44:48 | 102,539,892 | ---- | C] () -- C:\Users\Chris Gohl\Desktop\E-PUNk@CLIMAX 19.07.2012.mp3 [2012.08.05 21:26:30 | 000,001,695 | ---- | C] () -- C:\Users\Chris Gohl\Desktop\PartyPoker.lnk [2012.08.03 00:43:40 | 000,073,014 | ---- | C] () -- C:\Users\Chris Gohl\Desktop\wallpaper_3.jpg [2012.07.16 18:15:42 | 000,100,939 | ---- | C] () -- C:\Users\Chris Gohl\Desktop\hiphop.jpg [2012.07.04 17:56:58 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.03 18:29:24 | 000,004,877 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011.12.06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.12.06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.23 21:28:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.09.23 21:28:35 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.09.23 21:28:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.09.23 21:28:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.09.23 21:28:34 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.09.19 20:32:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.19 20:02:16 | 001,447,398 | ---- | C] () -- C:\Windows\Restaurant Empire II Uninstaller.exe [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2011.12.06 21:43:26 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Babylon [2012.08.14 19:29:07 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion [2012.08.14 19:19:20 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Dropbox [2011.11.27 02:50:52 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Kalypso Media [2012.06.18 00:22:30 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Microgaming [2011.11.27 03:12:17 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\OpenOffice.org [2012.06.13 14:32:20 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\PacificPoker [2012.08.08 18:00:40 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Party [2011.09.23 21:40:04 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Thunderbird [2012.08.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Tropico 4 [2012.08.12 01:03:16 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Unity [2012.06.16 15:01:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
14.08.2012, 19:14
| #4 |
| /// Helfer-Team | online cyber police trojaner soweit entfernt. Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{C0803229-B341-47BE-A6C0-04A9AA6F4BED}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9}
IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=e01c78920000000000008c89a52cbb65
IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = http://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\..\SearchScopes\{FEEF2A39-2E1A-4467-874A-7D86993F273B}: "URL" = http://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=867
IE - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.softonic.com/?q="
FF - prefs.js..keyword.URL: "http://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q="
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O4 - HKU\S-1-5-21-2305627889-194127990-4041925611-1000..\Run: [liadkdmducpgfww] C:\ProgramData\liadkdmd.exe File not found
O4 - HKU\S-1-5-21-2305627889-194127990-4041925611-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O7 - HKU\S-1-5-21-2305627889-194127990-4041925611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.23 19:07:18 | 001,594,696 | R--- | M] () - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2012.02.23 18:51:58 | 000,000,080 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{74005528-e2ed-11e0-b886-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74005528-e2ed-11e0-b886-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2012.02.23 19:07:18 | 001,594,696 | R--- | M] ()
[2012.08.11 08:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\wfebcskpubwjsyn
[2012.08.12 14:58:42 | 000,002,140 | ---- | M] () -- C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
[2012.08.11 08:13:12 | 000,000,051 | ---- | M] () -- C:\ProgramData\vryyzpmkislijnf
[2012.08.12 14:58:42 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\bbrs_002@blabbers.com
[2012.08.12 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Local\Messenger_Plus_Live
[2012.08.12 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion
[2011.12.06 21:43:26 | 000,000,000 | ---D | M] -- C:\Users\Chris Gohl\AppData\Roaming\Babylon
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
15.08.2012, 12:52
| #5 |
| | online cyber police trojaner soweit entfernt. ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0803229-B341-47BE-A6C0-04A9AA6F4BED}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0803229-B341-47BE-A6C0-04A9AA6F4BED}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found. Registry key HKEY_USERS\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FEEF2A39-2E1A-4467-874A-7D86993F273B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEEF2A39-2E1A-4467-874A-7D86993F273B}\ not found. HKU\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "Web Search" removed from browser.search.defaultengine Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "hxxp://search.softonic.com/?q=" removed from browser.startup.homepage Prefs.js: "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ not found. File C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ not found. File C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found. Registry value HKEY_USERS\S-1-5-21-2305627889-194127990-4041925611-1000\Software\Microsoft\Windows\CurrentVersion\Run\\liadkdmducpgfww not found. Registry key HKEY_USERS\S-1-5-21-2305627889-194127990-4041925611-1011\Software\Microsoft\Windows\CurrentVersion\RunOnce not found. File move failed. C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk scheduled to be moved on reboot. File C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion\tbhcn.exe not found. Registry value HKEY_USERS\S-1-5-21-2305627889-194127990-4041925611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. E:\AutoRun.exe scheduled to be moved on reboot. File move failed. E:\autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74005528-e2ed-11e0-b886-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74005528-e2ed-11e0-b886-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74005528-e2ed-11e0-b886-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74005528-e2ed-11e0-b886-806e6f6e6963}\ not found. File move failed. E:\AutoRun.exe scheduled to be moved on reboot. C:\ProgramData\wfebcskpubwjsyn folder moved successfully. File C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found. C:\ProgramData\vryyzpmkislijnf moved successfully. C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\bbrs_002@blabbers.com\components folder moved successfully. C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully. C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully. C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully. C:\Users\Chris Gohl\AppData\Roaming\mozilla\Firefox\Profiles\a5qv1086.default\extensions\bbrs_002@blabbers.com folder moved successfully. C:\Users\Chris Gohl\AppData\Local\Messenger_Plus_Live\CacheIcons folder moved successfully. C:\Users\Chris Gohl\AppData\Local\Messenger_Plus_Live folder moved successfully. C:\Users\Chris Gohl\AppData\Roaming\BrowserCompanion folder moved successfully. C:\Users\Chris Gohl\AppData\Roaming\Babylon folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Chris Gohl\Desktop\virenbekaepmfung\cmd.bat deleted successfully. C:\Users\Chris Gohl\Desktop\virenbekaepmfung\cmd.txt deleted successfully. OTL by OldTimer - Version 3.2.57.0 log created on 08152012_134914 Files\Folders moved on Reboot... File\Folder C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found! File move failed. E:\AutoRun.exe scheduled to be moved on reboot. File move failed. E:\autorun.inf scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Users\Chris Gohl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found! [2012.02.23 19:07:18 | 001,594,696 | R--- | M] () E:\AutoRun.exe : MD5=A4E3E2B0A1FE1F89CB8CE918FC60EDD8 [2012.02.23 18:51:58 | 000,000,080 | R--- | M] () E:\autorun.inf : MD5=1BC651E3291E1EFE1540052ED95ADD7E Registry entries deleted on Reboot... |
|
15.08.2012, 14:42
| #6 |
| /// Helfer-Team | online cyber police trojaner soweit entfernt. Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> online cyber police trojaner soweit entfernt. |
|
16.08.2012, 14:06
| #7 |
| | online cyber police trojaner soweit entfernt. läuft vielen dank!Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Chris Gohl :: CHRISGOHLPC [Administrator] Schutz: Aktiviert 16.08.2012 13:52:51 mbam-log-2012-08-16 (13-52-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 407640 Laufzeit: 1 Stunde(n), 10 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) # AdwCleaner v1.800 - Logfile created 08/16/2012 at 15:08:16 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Chris Gohl - CHRISGOHLPC # Running from : C:\Users\Chris Gohl\Desktop\virenbekaepmfung\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Chris Gohl\AppData\Local\Babylon Folder Found : C:\Users\Chris Gohl\AppData\LocalLow\bbrs_002.tb Folder Found : C:\Users\Chris Gohl\AppData\LocalLow\Softonic Folder Found : C:\Users\Chris Gohl\AppData\Roaming\Mozilla\Firefox\Profiles\a5qv1086.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Folder Found : C:\Program Files (x86)\DealPly Folder Found : C:\Program Files (x86)\Softonic Folder Found : C:\Program Files (x86)\vShare.tv plugin File Found : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** Key Found : HKCU\Software\BabylonToolbar Key Found : HKCU\Software\DealPly Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\StartSearch Key Found : HKLM\SOFTWARE\Babylon Key Found : HKLM\SOFTWARE\BabylonToolbar Key Found : HKLM\SOFTWARE\BrowserCompanion Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Key Found : HKLM\SOFTWARE\Classes\b Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1 Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Key Found : HKLM\SOFTWARE\DealPly Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly [x64] Key Found : HKCU\Software\BabylonToolbar [x64] Key Found : HKCU\Software\DealPly [x64] Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKCU\Software\StartSearch [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\b [x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd [x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 [x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore [x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 [x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc [x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 [x64] Key Found : HKLM\SOFTWARE\Classes\S [x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd [x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 [x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr [x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1 [x64] Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore [x64] Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 [x64] Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc [x64] Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Found : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc= -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Chris Gohl\AppData\Roaming\Mozilla\Firefox\Profiles\a5qv1086.default\prefs.js Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958"); Found : user_pref("extensions.BabylonToolbar_i.hardId", "e01c78920000000000008c89a52cbb65"); Found : user_pref("extensions.BabylonToolbar_i.id", "e01c78920000000000008c89a52cbb65"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15460"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.newTab", true); Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=NT_s[...] Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:18:57"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Found : user_pref("extensions.Softonic.admin", false); Found : user_pref("extensions.Softonic.aflt", "SD"); Found : user_pref("extensions.Softonic.autoRvrt", "false"); Found : user_pref("extensions.Softonic.cntry", "DE"); Found : user_pref("extensions.Softonic.cv", "cv5"); Found : user_pref("extensions.Softonic.dfltLng", "de"); Found : user_pref("extensions.Softonic.dfltSrch", true); Found : user_pref("extensions.Softonic.dfltlng", "de"); Found : user_pref("extensions.Softonic.dfltsrch", true); Found : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Found : user_pref("extensions.Softonic.dspOld", ""); Found : user_pref("extensions.Softonic.envrmnt", "production"); Found : user_pref("extensions.Softonic.excTlbr", false); Found : user_pref("extensions.Softonic.hdrMd5", "1D47FA81969630BEC23F88EC0CB8BC20"); Found : user_pref("extensions.Softonic.hmpg", true); Found : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1[...] Found : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&[...] Found : user_pref("extensions.Softonic.hpOld", ""); Found : user_pref("extensions.Softonic.hrdid", "e01c78920000000000008c89a52cbb65"); Found : user_pref("extensions.Softonic.id", "e01c78920000000000008c89a52cbb65"); Found : user_pref("extensions.Softonic.instlDay", "15564"); Found : user_pref("extensions.Softonic.instlRef", "INF1205T01"); Found : user_pref("extensions.Softonic.instlday", "15564"); Found : user_pref("extensions.Softonic.instlref", "INF1205T01"); Found : user_pref("extensions.Softonic.isdcmntcmplt", "false"); Found : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...] Found : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...] Found : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.414:56:44"); Found : user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); Found : user_pref("extensions.Softonic.newTab", true); Found : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...] Found : user_pref("extensions.Softonic.newtab", true); Found : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...] Found : user_pref("extensions.Softonic.prdct", "Softonic"); Found : user_pref("extensions.Softonic.propectorlck", 83655689); Found : user_pref("extensions.Softonic.prtkhmpg", 1); Found : user_pref("extensions.Softonic.prtnrId", "softonic"); Found : user_pref("extensions.Softonic.prtnrid", "softonic"); Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] Found : user_pref("extensions.Softonic.savedVrsnTs", "1"); Found : user_pref("extensions.Softonic.sg", "tz"); Found : user_pref("extensions.Softonic.similarsitesstorage-pid2", "981a1cf3e2287e10"); Found : user_pref("extensions.Softonic.smplGrp", "none"); Found : user_pref("extensions.Softonic.smplgrp", "none"); Found : user_pref("extensions.Softonic.srch", ""); Found : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Found : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)"); Found : user_pref("extensions.Softonic.tlbrId", "base"); Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...] Found : user_pref("extensions.Softonic.tlbrid", "base"); Found : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...] Found : user_pref("extensions.Softonic.vrsn", "1.6.7.4"); Found : user_pref("extensions.Softonic.vrsnTs", "1.6.7.414:56:44"); Found : user_pref("extensions.Softonic.vrsni", "1.6.7.4"); Found : user_pref("extensions.Softonic.vrsnts", "1.6.7.414:56:44"); Found : user_pref("extensions.Softonic_i.dnsErr", true); Found : user_pref("extensions.Softonic_i.hmpg", true); Found : user_pref("extensions.Softonic_i.newTab", true); Found : user_pref("extensions.Softonic_i.smplGrp", "none"); Found : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.414:56:44"); ************************* AdwCleaner[R1].txt - [14405 octets] - [12/08/2012 14:29:59] AdwCleaner[R2].txt - [24795 octets] - [16/08/2012 01:45:05] AdwCleaner[R3].txt - [24593 octets] - [16/08/2012 15:08:16] ########## EOF - C:\AdwCleaner[R3].txt - [24722 octets] ########## |
|
17.08.2012, 01:42
| #8 |
| /// Helfer-Team | online cyber police trojaner soweit entfernt. Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
17.08.2012, 08:19
| #9 |
| | online cyber police trojaner soweit entfernt. Ich hatte mir mal alle möglichen Boni geholt von den Pokerseiten. Gibts mit denen Probleme, da kann ich einige löschen!? # AdwCleaner v1.800 - Logfile created 08/17/2012 at 08:12:16 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Chris Gohl - CHRISGOHLPC # Running from : C:\Users\Chris Gohl\Desktop\virenbekaepmfung\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Chris Gohl\AppData\Local\Babylon Folder Deleted : C:\Users\Chris Gohl\AppData\LocalLow\bbrs_002.tb Folder Deleted : C:\Users\Chris Gohl\AppData\LocalLow\Softonic Folder Deleted : C:\Users\Chris Gohl\AppData\Roaming\Mozilla\Firefox\Profiles\a5qv1086.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Folder Deleted : C:\Program Files (x86)\DealPly Folder Deleted : C:\Program Files (x86)\Softonic Folder Deleted : C:\Program Files (x86)\vShare.tv plugin File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\DealPly Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\BabylonToolbar Key Deleted : HKLM\SOFTWARE\BrowserCompanion Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Key Deleted : HKLM\SOFTWARE\Classes\b Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Key Deleted : HKLM\SOFTWARE\DealPly Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Chris Gohl\AppData\Roaming\Mozilla\Firefox\Profiles\a5qv1086.default\prefs.js C:\Users\Chris Gohl\AppData\Roaming\Mozilla\Firefox\Profiles\a5qv1086.default\user.js ... Deleted ! Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "e01c78920000000000008c89a52cbb65"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "e01c78920000000000008c89a52cbb65"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15460"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true); Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=NT_s[...] Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:18:57"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.Softonic.admin", false); Deleted : user_pref("extensions.Softonic.aflt", "SD"); Deleted : user_pref("extensions.Softonic.autoRvrt", "false"); Deleted : user_pref("extensions.Softonic.cntry", "DE"); Deleted : user_pref("extensions.Softonic.cv", "cv5"); Deleted : user_pref("extensions.Softonic.dfltLng", "de"); Deleted : user_pref("extensions.Softonic.dfltSrch", true); Deleted : user_pref("extensions.Softonic.dfltlng", "de"); Deleted : user_pref("extensions.Softonic.dfltsrch", true); Deleted : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Deleted : user_pref("extensions.Softonic.dspOld", ""); Deleted : user_pref("extensions.Softonic.envrmnt", "production"); Deleted : user_pref("extensions.Softonic.excTlbr", false); Deleted : user_pref("extensions.Softonic.hdrMd5", "1D47FA81969630BEC23F88EC0CB8BC20"); Deleted : user_pref("extensions.Softonic.hmpg", true); Deleted : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1[...] Deleted : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&[...] Deleted : user_pref("extensions.Softonic.hpOld", ""); Deleted : user_pref("extensions.Softonic.hrdid", "e01c78920000000000008c89a52cbb65"); Deleted : user_pref("extensions.Softonic.id", "e01c78920000000000008c89a52cbb65"); Deleted : user_pref("extensions.Softonic.instlDay", "15564"); Deleted : user_pref("extensions.Softonic.instlRef", "INF1205T01"); Deleted : user_pref("extensions.Softonic.instlday", "15564"); Deleted : user_pref("extensions.Softonic.instlref", "INF1205T01"); Deleted : user_pref("extensions.Softonic.isdcmntcmplt", "false"); Deleted : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...] Deleted : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...] Deleted : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.414:56:44"); Deleted : user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); Deleted : user_pref("extensions.Softonic.newTab", true); Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...] Deleted : user_pref("extensions.Softonic.newtab", true); Deleted : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...] Deleted : user_pref("extensions.Softonic.prdct", "Softonic"); Deleted : user_pref("extensions.Softonic.propectorlck", 83655689); Deleted : user_pref("extensions.Softonic.prtkhmpg", 1); Deleted : user_pref("extensions.Softonic.prtnrId", "softonic"); Deleted : user_pref("extensions.Softonic.prtnrid", "softonic"); Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] Deleted : user_pref("extensions.Softonic.savedVrsnTs", "1"); Deleted : user_pref("extensions.Softonic.sg", "tz"); Deleted : user_pref("extensions.Softonic.similarsitesstorage-pid2", "981a1cf3e2287e10"); Deleted : user_pref("extensions.Softonic.smplGrp", "none"); Deleted : user_pref("extensions.Softonic.smplgrp", "none"); Deleted : user_pref("extensions.Softonic.srch", ""); Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Deleted : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)"); Deleted : user_pref("extensions.Softonic.tlbrId", "base"); Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...] Deleted : user_pref("extensions.Softonic.tlbrid", "base"); Deleted : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...] Deleted : user_pref("extensions.Softonic.vrsn", "1.6.7.4"); Deleted : user_pref("extensions.Softonic.vrsnTs", "1.6.7.414:56:44"); Deleted : user_pref("extensions.Softonic.vrsni", "1.6.7.4"); Deleted : user_pref("extensions.Softonic.vrsnts", "1.6.7.414:56:44"); Deleted : user_pref("extensions.Softonic_i.dnsErr", true); Deleted : user_pref("extensions.Softonic_i.hmpg", true); Deleted : user_pref("extensions.Softonic_i.newTab", true); Deleted : user_pref("extensions.Softonic_i.smplGrp", "none"); Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.414:56:44"); ************************* AdwCleaner[R1].txt - [14405 octets] - [12/08/2012 14:29:59] AdwCleaner[R2].txt - [24795 octets] - [16/08/2012 01:45:05] AdwCleaner[R3].txt - [24532 octets] - [16/08/2012 15:08:16] AdwCleaner[S1].txt - [18980 octets] - [17/08/2012 08:12:16] ########## EOF - C:\AdwCleaner[S1].txt - [19109 octets] ########## Emsisoft Anti-Malware - Version 6.6 Letztes Update: 17.08.2012 08:22:56 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Archiv Scan: An ADS Scan: An Scan Beginn: 17.08.2012 08:23:05 c:\program files (x86)\gamespy arcade gefunden: Trace.File.gamespy arcade!E1 c:\program files (x86)\pacificpoker gefunden: Trace.File.pacific poker!E1 c:\poker\titan poker gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\lobby\buttons gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\lobby\dialogs gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\blackjack gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\lobby\sidegames gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\lobby\tables gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\lobby\waitinglist gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\buttons gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\history gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\history\cards gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\chat gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\chat\emoticons gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\sounds gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\anim gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\buttons gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\cards gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\chat gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\lobby gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\lobby\login gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\chat\chat_bottom gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\coins gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\dialogs gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\history gefunden: Trace.File.titan poker!E1 c:\microgaming gefunden: Trace.File.ruby fortune casino!E1 c:\poker gefunden: Trace.File.club dice poker!E1 c:\program files (x86)\pacificpoker\ gefunden: Trace.File.pacificpoker!E1 c:\program files (x86)\everest poker\data\mp-poker\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\startup\ gefunden: Trace.File.everestpoker!E1 c:\users\chris gohl\appdata\roaming\pacificpoker\ gefunden: Trace.File.pacificpoker!E1 c:\program files (x86)\everest poker\data\shared\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\fonts\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\mp-lobby\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\mp-poker\background\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\bitmaps\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\sounds\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\startup\en\ gefunden: Trace.File.everestpoker!E1 c:\poker\poker 770\ gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\ gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\baccarat_ln\ gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\blackjack\ gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\blackjack_ln\ gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\lobby\ gefunden: Trace.File.poker770!E1 c:\program files (x86)\everest poker\data\startup\shared\sounds\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\startup\shared\ gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\startup\shared\icons\ gefunden: Trace.File.everestpoker!E1 c:\poker\poker 770\data\sicbo_ln\ gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\table\ gefunden: Trace.File.poker770!E1 c:\poker\william hill poker\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_caribbean\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\poker 770\data\shared\ gefunden: Trace.File.poker770!E1 c:\poker\william hill poker\data\roulette\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\roulette_ln\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_holdem\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\sicbo_ln\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\table\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\baccarat_ln\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\blackjack\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\blackjack_ln\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\lobby\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\mahjong_paigow_ln\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\poker 770\data\roulette_ln\ gefunden: Trace.File.poker770!E1 c:\poker\mybet poker\data\ gefunden: Trace.File.mybetpoker!E1 c:\poker\poker 770\data\mahjong_paigow_ln\ gefunden: Trace.File.poker770!E1 c:\poker\mybet poker\ gefunden: Trace.File.mybetpoker!E1 c:\poker\william hill poker\data\shared\ gefunden: Trace.File.williamhillpoker!E1 c:\poker\mybet poker\data\poker_holdem\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_caribbean\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\dialogs\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\login\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\buttons\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\waitinglist\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\sidegames\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\tables\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\blackjack\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette\zoom\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette\sounds\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette\buttons\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\options\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\html\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\interface\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\5reel\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\sounds\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette\3d\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\fonts\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\9line\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\buttons\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\ui\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\history\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\anim\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\chat\ gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\topview\ gefunden: Trace.File.mybetpoker!E1 c:\program files (x86)\gamespy arcade\install.log gefunden: Trace.File.gamespy arcade!E1 c:\program files (x86)\pacificpoker\processlist.txt gefunden: Trace.File.pacific poker!E1 c:\program files (x86)\pacificpoker\listproc.exe gefunden: Trace.File.pacific poker!E1 c:\program files (x86)\pacificpoker\install.log gefunden: Trace.File.pacific poker!E1 c:\program files (x86)\pacificpoker\pv.exe gefunden: Trace.File.pacific poker!E1 c:\users\chris gohl\appdata\roaming\microsoft\internet explorer\quick launch\partypoker.lnk gefunden: Trace.File.partypoker!E1 c:\users\chris gohl\desktop\partypoker.lnk gefunden: Trace.File.partypoker!E1 c:\users\chris gohl\appdata\roaming\microsoft\internet explorer\quick launch\titan poker.lnk gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\casino.ico gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\cactivex.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\casino.exe gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\casino.hlp gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\cashier.gam gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\blackjack.gam gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\blackjack.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\common.gam gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\loader.gam gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\loader.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\cashier.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\poker_common.gam gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\common.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\poker_common.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\cashier_offline.css gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\cashier_offline.js gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\cashier_offline_functions.js gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\chat\chat.html gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\chat\colors.html gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\chat\edit.html gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\shared\html\chat\emoticons.html gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\table\topview\chat\chat.html gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\directsounddriver.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\poker_lobby.gam gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\fileinfo2.dat gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\gdigraphdriver.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\fileinfo2r.dat gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\ptsetup.lang gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\poker_lobby.dll gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\ptsetup.log gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\replace.exe gefunden: Trace.File.titan poker!E1 c:\poker\titan poker\data\poker_table.dll gefunden: Trace.File.titan poker!E1 c:\program files (x86)\everest poker\gvmain.exe gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\gvnetwork.dll gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\gvsound.dll gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\init.ini gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\log.dat gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\settings.ini gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\casino.exe gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\cstart.exe gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\everest poker.exe gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\gvbase.dll gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\gvcrt.dll gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\gvgfx-dib.dll gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\gvgfx.dll gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\mp-lobby\shared.gvt gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\bitmaps\check.art gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\mp-poker\shared.gvt gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\bitmaps\chips.art gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\mp-poker\background\default.gvt gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\bitmaps\btn_scroll.gvt gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\sounds\button.ogg gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\sounds\carddeal.ogg gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\sounds\cardflip.ogg gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\gvmain.dll gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\shared\shared\sounds\chipclick.ogg gefunden: Trace.File.everestpoker!E1 c:\program files (x86)\everest poker\data\startup\en\startup_strings.txt gefunden: Trace.File.everestpoker!E1 c:\poker\poker 770\ptsetup.log gefunden: Trace.File.poker770!E1 c:\program files (x86)\everest poker\data\startup\shared\sounds\alert.ogg gefunden: Trace.File.everestpoker!E1 c:\poker\poker 770\ptsetup.lang gefunden: Trace.File.poker770!E1 c:\program files (x86)\everest poker\data\startup\shared\icons\ep.ico gefunden: Trace.File.everestpoker!E1 c:\poker\poker 770\casino.hlp gefunden: Trace.File.poker770!E1 c:\poker\poker 770\cactivex.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\h264dec.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\gdigraphdriver.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\directsounddriver.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\replace.exe gefunden: Trace.File.poker770!E1 c:\poker\poker 770\casino.ico gefunden: Trace.File.poker770!E1 c:\poker\poker 770\casino.exe gefunden: Trace.File.poker770!E1 c:\poker\poker 770\fileinfo2.dat gefunden: Trace.File.poker770!E1 c:\poker\poker 770\nvssd450.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\fileinfo2r.dat gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\live_common.gam gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\loader.gam gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\loader.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\poker_common.gam gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\poker_common.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\blackjack.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\poker_lobby.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\poker_table.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\poker_lobby.gam gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\blackjack.gam gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\cards.swf gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\blackjack_video_ln.gam gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\cashier.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\blackjackln.dll gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\cashier.gam gefunden: Trace.File.poker770!E1 c:\poker\william hill poker\ptsetup.log gefunden: Trace.File.williamhillpoker!E1 c:\poker\poker 770\data\common.gam gefunden: Trace.File.poker770!E1 c:\poker\poker 770\data\live_common.dll gefunden: Trace.File.poker770!E1 c:\poker\william hill poker\replace.exe gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\casino.hlp gefunden: Trace.File.williamhillpoker!E1 c:\poker\poker 770\data\common.dll gefunden: Trace.File.poker770!E1 c:\poker\william hill poker\casino.ico gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\directsounddriver.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\fileinfo2.dat gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\cactivex.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\casino.exe gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\fileinfo2r.dat gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\gdigraphdriver.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\nvssd450.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\h264dec.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\ptsetup.lang gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\blackjack_5h.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\cards.swf gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\blackjack.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\blackjack_video_ln.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\cashier.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\cashier.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\common.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\blackjackln.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\live_common.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\live_common.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\loader.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\loader.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_caribbean.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_common.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_holdem.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\common.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_common.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\pokergames.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_lobby.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_lobby.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\roulette_french.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\poker_table.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\william hill poker\data\roulette.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\mybet poker\fileinfo2r.dat gefunden: Trace.File.mybetpoker!E1 c:\poker\william hill poker\data\roulette_video_ln.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\mybet poker\ptsetup.lang gefunden: Trace.File.mybetpoker!E1 c:\poker\william hill poker\data\roulettepro_video_ln.gam gefunden: Trace.File.williamhillpoker!E1 c:\poker\mybet poker\ptsetup.log gefunden: Trace.File.mybetpoker!E1 c:\poker\william hill poker\data\rouletteln.dll gefunden: Trace.File.williamhillpoker!E1 c:\poker\mybet poker\gdigraphdriver.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\directsounddriver.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\casino.hlp gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\replace.exe gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\cactivex.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\casino.ico gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\fileinfo2.dat gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\cashier.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\casino.exe gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\cashier.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\common.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\loader.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\loader.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_caribbean.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_common.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_holdem.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_common.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\common.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_lobby.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\pokergames.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette_french.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\blackjack.gam gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\blackjack\texture.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_lobby.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_table.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\blackjack.dll gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\back.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\div_line.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\ipoker.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\ipoker-alpha.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\key.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\loading_info.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\padlock.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\playtech.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\quickseat_back.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\treeview_down.bmp gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\treeview_minus.bmp gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\treeview_plus.bmp gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\treeview_right.bmp gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\asian_view_stakes_back.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\lobby\attributes_icons.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_caribbean\texture.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\poker_holdem\texture.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette\ball.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette\marker.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\roulette\texture.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\black100x100.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\loading.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\shared\loading_anim.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\empty.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\empty-alpha.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\hilo_arrow.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\pin.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\player_rank.png gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\plnote_scroll_indicator.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\plnote_scrollbuttons.jpg gefunden: Trace.File.mybetpoker!E1 c:\poker\mybet poker\data\table\plnote_scrollbuttons-alpha.jpg gefunden: Trace.File.mybetpoker!E1 Key: hkey_current_user\software\cain\settings gefunden: Trace.Registry.cain!E1 Value: hkey_current_user\software\pacificpoker\poker\init --> ip gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_not_response gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_timeout gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\init --> serial gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\init --> ip1 gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\sdl --> curr_ver gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\sdl --> s_ip gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\init --> test_data gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\sdl --> upd_ver gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\sdl --> upg_date gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\sdl --> upd_flag gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\init --> mediapath gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pokerinstaller --> url_casino_2 gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pokerinstaller --> fullpath gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pokerinstaller --> installer_guid gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_elapse gefunden: Trace.Registry.pacific poker!E1 Value: hkey_current_user\software\partygaming\partypoker --> 4 gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> 5 gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> 2 gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> 7 gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> 9 gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> 1 gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> 10 gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> id gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> initialport gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> sl gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> apppath gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> installstate gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming --> cfdialogshown gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming --> freshinstall gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> usecount gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> 6 gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\partygaming\partypoker --> tabletype gefunden: Trace.Registry.partypoker!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayicon gefunden: Trace.Registry.partypoker!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayname gefunden: Trace.Registry.partypoker!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installlocation gefunden: Trace.Registry.partypoker!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> publisher gefunden: Trace.Registry.partypoker!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> uninstallstring gefunden: Trace.Registry.partypoker!E1 Value: hkey_current_user\software\titan poker --> global_login_hint gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> options_dealervoices gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> options_music gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> options_poker_avatar_num gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> options-fullscreen gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> options_sounds gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> options_xlslots gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> poker_nickname gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> ptdevm gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> selected_node gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> options_poker_showsidegames gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> username gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\titan poker --> displayname gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> tribeca_playernotes gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> account gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> advertisercode gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\titan poker --> uninstallstring gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> creferer gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> homedir gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> banner gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> options-volume gefunden: Trace.Registry.titan poker!E1 Value: hkey_current_user\software\titan poker --> poker_login_type gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> profile gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> referer gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> safemode gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> uninstall gefunden: Trace.Registry.titan poker!E1 Value: hkey_local_machine\software\titan poker --> uninstall_lang gefunden: Trace.Registry.titan poker!E1 Key: hkey_current_user\software\pacificpoker gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_current_user\software\pacificpoker\casinopoker gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_current_user\software\pacificpoker\poker gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_current_user\software\pacificpoker\poker\init gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_current_user\software\pacificpoker\casinopoker\casino\sdl gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_current_user\software\pacificpoker\casinopoker\casino gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_current_user\software\pacificpoker\casinopoker\casino\init gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_current_user\software\pacificpoker\poker\sdl gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_current_user\software\pokerinstaller gefunden: Trace.Registry.pacificpoker!E1 Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\everest poker gefunden: Trace.Registry.everestpoker!E1 Key: hkey_current_user\software\grand virtual gefunden: Trace.Registry.everestpoker!E1 Key: hkey_current_user\software\mgs\thumper\casino gefunden: Trace.Registry.casinoaction!E1 Key: hkey_current_user\software\microgaming gefunden: Trace.Registry.casinoaction!E1 Key: hkey_current_user\software\microgaming\thumper gefunden: Trace.Registry.casinoaction!E1 Key: hkey_current_user\software\microgaming\thumper\casino gefunden: Trace.Registry.casinoaction!E1 Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\william hill poker gefunden: Trace.Registry.williamhillpoker!E1 Key: hkey_local_machine\software\william hill poker gefunden: Trace.Registry.williamhillpoker!E1 Key: hkey_current_user\software\william hill poker gefunden: Trace.Registry.williamhillpoker!E1 Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mybet poker gefunden: Trace.Registry.mybetpoker!E1 Key: hkey_local_machine\software\mybet poker gefunden: Trace.Registry.mybetpoker!E1 Key: hkey_current_user\software\mybet poker gefunden: Trace.Registry.mybetpoker!E1 Key: hkey_current_user\software\mybet poker\columnsets gefunden: Trace.Registry.mybetpoker!E1 C:\Poker\Poker 770\_SetupCasino_238a31_de.exe gefunden: Riskware.Casino!E2 Gescannt 653030 Gefunden 394 Scan Ende: 17.08.2012 09:15:38 Scan Zeit: 0:52:33 |
|
17.08.2012, 15:27
| #10 |
| /// Helfer-Team | online cyber police trojaner soweit entfernt. Sehr gut! Lasse die Funde loeschen, dann: Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
17.08.2012, 22:08
| #11 |
| | online cyber police trojaner soweit entfernt. ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=fdcbb264c1a6864a8153a39f63bb2cb4 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-17 03:59:19 # local_time=2012-08-17 05:59:19 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 12195120 12195120 0 0 # compatibility_mode=5893 16776573 100 94 13599 96848935 0 0 # compatibility_mode=8192 67108863 100 0 157 157 0 0 # scanned=1128 # found=0 # cleaned=0 # scan_time=73 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=fdcbb264c1a6864a8153a39f63bb2cb4 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-17 09:05:37 # local_time=2012-08-17 11:05:37 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 12211196 12211196 0 0 # compatibility_mode=5893 16776573 100 94 29675 96865011 0 0 # compatibility_mode=8192 67108863 100 0 16233 16233 0 0 # scanned=155388 # found=4 # cleaned=4 # scan_time=2375 C:\Users\Chris Gohl\AppData\Local\Temp\FreeTwitTube-S-Setup_Suite1.exe Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Chris Gohl\AppData\Local\Temp\softonic_ggl_1.6.7.4.exe Win32/Toolbar.Funmoods application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\08152012_132827\C_Users\Chris Gohl\AppData\Roaming\BrowserCompanion\tbhcn.exe Win32/BrowserCompanion application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\08152012_134914\C_ProgramData\wfebcskpubwjsyn\main.html HTML/Ransom.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
|
18.08.2012, 14:55
| #12 |
| /// Helfer-Team | online cyber police trojaner soweit entfernt. Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck |
|
18.08.2012, 23:02
| #13 |
| | online cyber police trojaner soweit entfernt. Unity Player Unity Player 2.6.1f3 Unknown plugin Research Plugin Icon Windows Live™ Photo Gallery NPWLPG Unknown plugin Research Plugin Icon Silverlight Plug-In 4.1.10329.0 Outdated Version Update Plugin Icon Adobe Acrobat Adobe PDF Plug-In For Firefox and Netscape 10.1.4 10.1.4.38 Up to Date Plugin Icon Shockwave Flash Shockwave Flash 11.3 r300 11.3.300.271 Up to Date Plugin Icon Java Deployment Toolkit 7.0.60.24 NPRuntime Script Plug-in Library for Java(TM) Deploy 1.7.0.6 Up to Date Plugin Icon Java(TM) Platform SE 7 U6 Next Generation Java Plug-in 10.6.2 for Mozilla browsers 1.7.0.6 Up to Date |
|
19.08.2012, 16:52
| #14 |
| /// Helfer-Team | online cyber police trojaner soweit entfernt. Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
|
19.08.2012, 18:21
| #15 |
| | online cyber police trojaner soweit entfernt. Super, ich danke dir vielmals! Super Seite super Support! Beste Grüße Chris |
|
| Themen zu online cyber police trojaner soweit entfernt. |
| adwcleaner, autorun.inf, browser, cdrom, explorer, firefox, google, helper, home, internet, internet explorer, java, log, löschen, microsoft, moved, newtab, online, search the web, setup, software, system, system32, temp, tipps, trojaner, viren, windows, winlogon |
Linear-Darstellung
