|
Log-Analyse und Auswertung: Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.01.2013, 14:06 | #1 |
| Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Hallo liebes Trojanerboard, ich hab mir vorgestern eine Variation dieses Bundestrojaners eingefangen (oben rechts stand "Bundesamt für Sicherheit und Informationstechnik" oben links "GVU" und ich wurde aufgefordert 100 Euro zu zahlen). Mit der Wiederherstellungs-DVD hab ich eine Systemwiederherstellung vom 24.1 gemacht und konnte meinen PC danach wieder benutzen. Nun hab ich aber gehört das das Ding noch drauf ist und suche deshalb hier nach Hilfe. Mit PCs kenn ich mich übrigends nicht so aus. 1) Defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 12:54 on 29/01/2013 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter OTL logfile created on: 29.01.2013 12:54:16 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,20 Gb Available Physical Memory | 77,50% Memory free 16,00 Gb Paging File | 14,11 Gb Available in Paging File | 88,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1691,73 Gb Free Space | 90,81% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.28 15:00:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.02.25 19:51:19 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.02.07 05:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.09.30 21:26:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.06.14 10:00:26 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe PRC - [2010.04.27 09:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe ========== Modules (No Company Name) ========== MOD - [2011.03.21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.02.07 05:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2011.02.07 05:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2011.02.07 05:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2011.02.07 05:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2011.02.07 05:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2010.07.27 05:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll MOD - [2010.01.08 16:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll MOD - [2010.01.08 16:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.04.22 19:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL MOD - [2009.02.27 15:38:22 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013.01.20 17:58:06 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.19 12:06:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.10 18:37:51 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.25 19:51:19 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.11.23 14:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.27 08:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 08:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.27 10:25:42 | 001,584,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2011.11.23 14:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2010.05.27 01:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 EE E3 00 BE F5 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130116 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=2498ed90-d4b1-46aa-b024-81aba1ef5423&apn_ptnrs=%5EABT&apn_sauid=FAEA9189-B55B-4290-A7DA-20761B9B917D&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.09 15:52:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 12:06:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 12:06:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 17:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.01.22 22:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vym8tsne.default\extensions [2013.01.22 22:35:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vym8tsne.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.12.15 11:17:54 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vym8tsne.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.11.09 17:22:10 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vym8tsne.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2012.09.15 17:00:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vym8tsne.default\extensions\ich@maltegoetz.de [2012.08.12 21:23:18 | 000,156,179 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vym8tsne.default\extensions\arpit3@techraga.in.xpi [2012.12.11 17:11:48 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vym8tsne.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.23 18:05:19 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vym8tsne.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.03.23 20:42:12 | 000,000,943 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vym8tsne.default\searchplugins\conduit.xml [2013.01.19 12:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 12:06:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.01.19 12:06:49 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.27 18:45:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 19:26:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.27 18:45:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.27 18:45:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.27 18:45:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.27 18:45:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ISW] File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A5CB83-62D3-4FC2-B87C-19FC67DFEBFA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.28 15:05:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.27 13:02:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Abiturmaterialien [2013.01.24 14:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.01.24 14:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.01.24 14:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.01.24 14:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.01.23 11:53:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WindSolutions [2013.01.23 11:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions [2013.01.22 15:36:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Tobias Saxophon [2013.01.19 12:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.17 12:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2013.01.17 12:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.01.05 19:16:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.01.05 19:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games [2012.12.30 19:47:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ESN [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.29 12:39:17 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.29 12:15:47 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.29 12:15:47 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.29 12:08:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.29 12:08:20 | 2146,820,095 | -HS- | M] () -- C:\hiberfil.sys [2013.01.28 22:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.28 20:51:38 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.28 20:51:38 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.28 20:50:30 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.01.28 15:06:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.28 15:06:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.28 15:06:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.28 15:06:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.28 15:06:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.28 15:02:22 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.28 15:00:40 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.28 15:00:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.28 13:01:40 | 003,189,130 | ---- | M] () -- C:\Users\***\Desktop\Bild.jpg [2013.01.17 12:55:39 | 004,876,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.17 12:48:44 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.29 12:39:17 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.28 15:05:22 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.28 15:05:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.28 13:01:40 | 003,189,130 | ---- | C] () -- C:\Users\***\Desktop\Bild.jpg [2013.01.17 12:53:29 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013.01.17 12:48:44 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk [2013.01.17 12:48:44 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.10 20:27:55 | 000,056,832 | ---- | C] () -- C:\Users\Kuipers\AppData\Roaming\skype.dat [2011.12.30 19:42:32 | 000,002,384 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.02 20:34:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grapher [2011.08.02 20:34:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grand Piano [2011.08.02 20:34:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic [2011.08.02 20:34:40 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Galaxy Swirl [2011.08.02 20:34:40 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Galactic Static [2011.08.02 20:34:40 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Funk Animals [2011.08.02 20:34:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.08.02 20:34:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.08.02 20:34:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.04.30 18:47:32 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.30 18:47:28 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.04.30 18:47:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.30 17:56:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.30 17:36:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.30 17:36:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.04.14 16:57:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.binf [2011.04.14 16:41:39 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.04.14 16:41:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.04.14 16:41:37 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.04.14 16:41:37 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011.04.14 16:37:33 | 000,044,434 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.04.14 16:37:06 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.04.14 16:37:00 | 000,033,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-2714413572-685484061-1826461873-1000\$2730c4019128e3f2af1b40bb2ec1861d\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\$Recycle.Bin\S-1-5-18\$2730c4019128e3f2af1b40bb2ec1861d\n. "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.09 15:52:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2011.04.30 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2011.11.30 18:37:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.11.30 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.11.30 20:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.14 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2013.01.28 14:33:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.05.06 08:36:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2011.08.02 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon [2012.12.05 16:30:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2012.12.09 15:53:59 | 000,000,000 | ---D | M] -- C:\Users\***s\AppData\Roaming\PDF Architect [2012.12.09 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.09.10 10:45:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2012.06.22 17:10:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2013.01.23 11:53:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-29 13:34:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD204UI rev.1AQ10001 1863,02GB Running: gmer-2.0.18444.exe; Driver: C:\Users\***\AppData\Local\Temp\uftiafoc.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes [1E, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000072a617fa 2 bytes [A6, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072a61860 2 bytes [A6, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072a61942 2 bytes [A6, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000072a6194d 2 bytes [A6, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes [1E, 76] .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes [1E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes [1E, 76] .text ... * 9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes [1E, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes [1E, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes [1E, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes [1E, 76] .text ... * 9 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes [1E, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes [1E, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes [1E, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes [1E, 76] ---- Threads - GMER 2.0 ---- Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1712:2652] 000000001000e2eb Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1712:3212] 0000000001ab66e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1712:3216] 0000000001ab66e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1712:3220] 0000000001ab66e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1712:3224] 0000000001ab2560 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3252:3388] 0000000074508f84 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3252:3392] 000000007450925e Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3252:3396] 0000000074508bd0 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4632] 000007fefbc82a7c Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4448] 00000000697dd068 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4416] 000007fee975cec4 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4792] 000007fee975cec4 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4796] 000007fee975cec4 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4724] 000007fee975cec4 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4760] 000007fee975cec4 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4772] 000007fee975cec4 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744:4764] 0000000066e6bccc ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1436] 0000000074a30000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1712] 0000000076370000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3252] 0000000074760000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3352] 000007fef3b60000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3744] 000000006a170000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [1208] 0000000074a30000 ---- EOF - GMER 2.0 ---- Danke schonmal im Vorraus . |
29.01.2013, 14:11 | #2 |
/// Helfer-Team | Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht?Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Ersetze die *** Sternchen wieder in den Benutzernamen zurück! Code:
ATTFilter :OTL O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) [2012.01.10 20:27:55 | 000,056,832 | ---- | C] () -- C:\Users\Kuipers\AppData\Roaming\skype.dat :Files C:\ProgramData\*.exe C:\ProgramData\*.dll C:\ProgramData\*.tmp C:\ProgramData\TEMP C:\Users\***\*.tmp C:\Users\***\AppData\Local\Temp\*.exe C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk ipconfig /flushdns /c :Commands [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
29.01.2013, 16:12 | #3 |
| Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Hi t´john
__________________Hier die gewünschten Logs: 1) OTL Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully. C:\Users\***\AppData\Roaming\skype.dat moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\***\*.tmp not found. C:\Users\***\AppData\Local\Temp\IminentSetup.exe moved successfully. C:\Users\***\AppData\Local\Temp\InstallFlashPlayer.exe moved successfully. C:\Users\***\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully. C:\Users\***\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe moved successfully. C:\Users\***\AppData\Local\Temp\SkypeSetup.exe moved successfully. C:\Users\***\AppData\Local\Temp\sonarinst.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmp2895.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmp6A08.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmp87E4.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmp88CE.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmp9D28.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmpDCA8.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmpEEC1.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmpEFEA.exe moved successfully. C:\Users\***\AppData\Local\Temp\tmpF1EC.exe moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\***\Desktop\cmd.bat deleted successfully. C:\Users\***\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 400707 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 449741247 bytes ->Temporary Internet Files folder emptied: 211415961 bytes ->FireFox cache emptied: 72739175 bytes ->Flash cache emptied: 59217 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 82944 bytes %systemroot%\System32 (64bit) .tmp files removed: 8417792 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 315148424 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119691 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.009,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01292013_141753 Files\Folders moved on Reboot... C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kuipers :: KUIPERS-PC [Administrator] Schutz: Aktiviert 29.01.2013 14:45:46 mbam-log-2013-01-29 (14-45-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 409185 Laufzeit: 1 Stunde(n), 4 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\_OTL\MovedFiles\01292013_141753\C_Users\***\AppData\Roaming\skype.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.109 - Datei am 29/01/2013 um 16:03:32 erstellt # Aktualisiert am 26/01/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : *** - ***-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vym8tsne.default\searchplugins\Conduit.xml Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\DealPly Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vym8tsne.default\Conduit Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vym8tsne.default\ConduitCommon Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vym8tsne.default\CT2613550 Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vym8tsne.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vym8tsne.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp Schlüssel Gelöscht : HKCU\Software\DealPly Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DealPly Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v18.0.1 (de) Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vym8tsne.default\prefs.js Gelöscht : user_pref("CT2613550..clientLogIsEnabled", true); Gelöscht : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gelöscht : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2613550.AppTrackingLastCheckTime", "Mon Oct 31 2011 21:52:37 GMT+0100"); Gelöscht : user_pref("CT2613550.CT2613550", "CT2613550"); Gelöscht : user_pref("CT2613550.CurrentServerDate", "15-11-2011"); Gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2613550.DialogsGetterLastCheckTime", "Mon Nov 14 2011 15:18:23 GMT+0100"); Gelöscht : user_pref("CT2613550.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Sat Apr 30 2011 19:22:05 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedLastCount3082739963941193807", 411); Gelöscht : user_pref("CT2613550.FeedPollDate7861255190875796966", "Sat Apr 30 2011 18:52:08 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255191286404846", "Sat Apr 30 2011 18:52:08 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255191690696803", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255191830767423", "Sat Apr 30 2011 18:52:08 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255192204641884", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255192330261614", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255192609293799", "Sat Apr 30 2011 18:52:08 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255192844976705", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193025486845", "Sat Apr 30 2011 18:52:08 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193127848905", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193189289837", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193256322449", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193310202497", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193760634970", "Sat Apr 30 2011 18:52:08 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193813312257", "Sat Apr 30 2011 18:52:08 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255194862513855", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255194875474195", "Sat Apr 30 2011 18:52:07 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedTTL7861255190875796966", 5); Gelöscht : user_pref("CT2613550.FeedTTL7861255191286404846", 2); Gelöscht : user_pref("CT2613550.FeedTTL7861255191830767423", 30); Gelöscht : user_pref("CT2613550.FeedTTL7861255192844976705", 5); Gelöscht : user_pref("CT2613550.FeedTTL7861255193256322449", 5); Gelöscht : user_pref("CT2613550.FeedTTL7861255193310202497", 2); Gelöscht : user_pref("CT2613550.FirstServerDate", "30-4-2011"); Gelöscht : user_pref("CT2613550.FirstTime", true); Gelöscht : user_pref("CT2613550.FirstTimeFF3", true); Gelöscht : user_pref("CT2613550.FixPageNotFoundErrors", false); Gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2613550.HomePageProtectorEnabled", false); Gelöscht : user_pref("CT2613550.Initialize", true); Gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2613550.InstallationType", "UnknownIntegration"); Gelöscht : user_pref("CT2613550.InstalledDate", "Sat Apr 30 2011 18:53:36 GMT+0200"); Gelöscht : user_pref("CT2613550.InvalidateCache", false); Gelöscht : user_pref("CT2613550.IsAlertDBUpdated", true); Gelöscht : user_pref("CT2613550.IsGrouping", false); Gelöscht : user_pref("CT2613550.IsMulticommunity", false); Gelöscht : user_pref("CT2613550.IsOpenThankYouPage", true); Gelöscht : user_pref("CT2613550.IsOpenUninstallPage", true); Gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Mon Nov 14 2011 22:43:39 GMT+0100"); Gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2613550.LastLogin_3.3.3.2", "Fri Jun 24 2011 13:52:06 GMT+0200"); Gelöscht : user_pref("CT2613550.LastLogin_3.5.0.12", "Mon Aug 15 2011 11:19:56 GMT+0200"); Gelöscht : user_pref("CT2613550.LastLogin_3.6.0.10", "Tue Sep 27 2011 15:53:29 GMT+0200"); Gelöscht : user_pref("CT2613550.LastLogin_3.7.0.6", "Mon Nov 07 2011 22:56:47 GMT+0100"); Gelöscht : user_pref("CT2613550.LastLogin_3.8.0.8", "Tue Nov 15 2011 16:40:58 GMT+0100"); Gelöscht : user_pref("CT2613550.LatestVersion", "3.8.0.8"); Gelöscht : user_pref("CT2613550.Locale", "de-de"); Gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2613550.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT2613550.RadioIsPodcast", false); Gelöscht : user_pref("CT2613550.RadioLastCheckTime", "Sat Apr 30 2011 18:53:40 GMT+0200"); Gelöscht : user_pref("CT2613550.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2613550.RadioLastUpdateServer", "0"); Gelöscht : user_pref("CT2613550.RadioMediaID", "8546"); Gelöscht : user_pref("CT2613550.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546"); Gelöscht : user_pref("CT2613550.RadioStationName", "Radio%208"); Gelöscht : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u"); Gelöscht : user_pref("CT2613550.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT2613550.SavedHomepage", "chrome://branding/locale/browserconfig.properties"); Gelöscht : user_pref("CT2613550.SearchBoxWidth", 150); Gelöscht : user_pref("CT2613550.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...] Gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Mon Nov 14 2011 22:43:38 GMT+0100"); Gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Gelöscht : user_pref("CT2613550.SearchProtectorEnabled", false); Gelöscht : user_pref("CT2613550.SearchProtectorToolbarDisabled", false); Gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Mon Nov 14 2011 22:43:39 GMT+0100"); Gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Tue Nov 15 2011 16:40:57 GMT+0100"); Gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1319568605"); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Mon Nov 14 2011 22:43:38 GMT+0100"); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255344657"); Gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550"); Gelöscht : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Gelöscht : user_pref("CT2613550.UserID", "UN30853408390478876"); Gelöscht : user_pref("CT2613550.ValidationData_Search", 2); Gelöscht : user_pref("CT2613550.ValidationData_Toolbar", 2); Gelöscht : user_pref("CT2613550.WeatherNetwork", ""); Gelöscht : user_pref("CT2613550.WeatherPollDate", "Tue Nov 15 2011 16:40:58 GMT+0100"); Gelöscht : user_pref("CT2613550.WeatherUnit", "C"); Gelöscht : user_pref("CT2613550.alertChannelId", "1006347"); Gelöscht : user_pref("CT2613550.approveUntrustedApps", true); Gelöscht : user_pref("CT2613550.components.1000034", false); Gelöscht : user_pref("CT2613550.components.1000082", false); Gelöscht : user_pref("CT2613550.components.1000234", true); Gelöscht : user_pref("CT2613550.components.129171076489169448", false); Gelöscht : user_pref("CT2613550.components.3082739963941193807", false); Gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gelöscht : user_pref("CT2613550.globalFirstTimeInfoLastCheckTime", "Tue Nov 15 2011 16:40:58 GMT+0100"); Gelöscht : user_pref("CT2613550.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2613550.initDone", true); Gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", true); Gelöscht : user_pref("CT2613550.myStuffEnabled", true); Gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...] Gelöscht : user_pref("CT2613550.revertSettingsEnabled", true); Gelöscht : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2613550.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2613550.testingCtid", ""); Gelöscht : user_pref("CT2613550.toolbarAppMetaDataLastCheckTime", "Mon Nov 14 2011 22:43:39 GMT+0100"); Gelöscht : user_pref("CT2613550.toolbarContextMenuLastCheckTime", "Mon Nov 07 2011 15:27:53 GMT+0100"); Gelöscht : user_pref("CT2613550.usagesFlag", 2); Gelöscht : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1006347/1002062/DE", "\"0\"[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2613550", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2613550&octid=[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2613550/CT2613550[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...] Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mozilla\[...] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 30 2011 18:52:07 GMT+02[...] Gelöscht : user_pref("CommunityToolbar.alert.alertEnabled", true); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 13:52:14 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 13:52:06 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "571d385e-299a-4817-ba0e-dabb7ed194fc"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Apr 30 2011 18:52:08 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "1f6ca35b-2258-4e2c-80d2-9bac65f11ee5"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Nov 15 2011 16:40:5[...] Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", true); Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Nov 14 2011 22:43:47 GMT+010[...] Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Nov 14 2011 22:43:39 GMT+0100"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "096f022d-6a13-4034-b317-4c9380a665c7"); Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&Sea[...] Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale[...] Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...] ************************* AdwCleaner[S1].txt - [23208 octets] - [29/01/2013 16:03:32] ########## EOF - C:\AdwCleaner[S1].txt - [23269 octets] ########## |
29.01.2013, 19:05 | #4 |
/// Helfer-Team | Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Sehr gut! Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
29.01.2013, 21:17 | #5 |
| Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Hier der scan-log 1) Code:
ATTFilter Emsisoft Anti-Malware - Version 7.0 Letztes Update: 29.01.2013 20:01:06 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 29.01.2013 20:01:37 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54f5dc9d.qua -> (Quarantine-8) gefunden: Trojan.Sirefef.OF (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5751dbc6.qua -> (Quarantine-8) gefunden: Trojan.Sirefef.OF (B) Gescannt 513406 Gefunden 2 Scan Ende: 29.01.2013 21:13:13 Scan Zeit: 1:11:36 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54f5dc9d.qua -> (Quarantine-8) Quarantäne Trojan.Sirefef.OF (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5751dbc6.qua -> (Quarantine-8) Quarantäne Trojan.Sirefef.OF (B) Quarantäne 2 |
30.01.2013, 00:43 | #6 |
/// Helfer-Team | Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
__________________ --> Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? |
30.01.2013, 20:28 | #7 |
| Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Hier der gewünschte Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=1d44860c458412438aa73166b72c0b14 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-01-30 07:15:58 # local_time=2013-01-30 08:15:58 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 87466 224996648 80223 0 # compatibility_mode=5893 16776574 66 94 13140932 111203208 0 0 # scanned=215083 # found=0 # cleaned=0 # scan_time=5739 |
30.01.2013, 20:36 | #8 | |
/// Helfer-Team | Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht?Zitat:
Ich sag bescheind, wenn wir fertig sind Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: Downloade Dir bitte SecurityCheck und:
|
02.02.2013, 19:41 | #9 |
| Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Hi John, hier deine gewünschten Logfiles: Ich habe das Rootkit Programm 3x laufen lassen, da beim zweiten Mal noch etwas gefunden wurde und ich mir ganz sicher sein wollte, dass alles sauber ist. Daher hier die 3 Logs in der zeitlichen Reihenfolge: Log1 Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.02.02.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [administrator] 02.02.2013 19:12:10 mbar-log-2013-02-02 (19-12-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29885 Time elapsed: 6 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 3 HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2714413572-685484061-1826461873-1000\$2730c4019128e3f2af1b40bb2ec1861d\n.) Good: (shell32.dll) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$2730c4019128e3f2af1b40bb2ec1861d\n.) Good: (fastprox.dll) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Hijack.Trojan.Siredef.C) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$2730c4019128e3f2af1b40bb2ec1861d\n.) Good: (%systemroot%\system32\wbem\fastprox.dll) -> Delete on reboot. Folders Detected: 6 c:\$RECYCLE.BIN\S-1-5-18\$2730c4019128e3f2af1b40bb2ec1861d\U (Trojan.Siredef.C) -> Delete on reboot. c:\$RECYCLE.BIN\S-1-5-21-2714413572-685484061-1826461873-1000\$2730c4019128e3f2af1b40bb2ec1861d\U (Trojan.Siredef.C) -> Delete on reboot. c:\$RECYCLE.BIN\S-1-5-18\$2730c4019128e3f2af1b40bb2ec1861d\L (Trojan.Siredef.C) -> Delete on reboot. c:\$RECYCLE.BIN\S-1-5-21-2714413572-685484061-1826461873-1000\$2730c4019128e3f2af1b40bb2ec1861d\L (Trojan.Siredef.C) -> Delete on reboot. c:\$RECYCLE.BIN\S-1-5-18\$2730c4019128e3f2af1b40bb2ec1861d (Trojan.Siredef.C) -> Delete on reboot. c:\$RECYCLE.BIN\S-1-5-21-2714413572-685484061-1826461873-1000\$2730c4019128e3f2af1b40bb2ec1861d (Trojan.Siredef.C) -> Delete on reboot. Files Detected: 2 c:\$RECYCLE.BIN\S-1-5-18\$2730c4019128e3f2af1b40bb2ec1861d\@ (Trojan.Siredef.C) -> Delete on reboot. c:\$RECYCLE.BIN\S-1-5-21-2714413572-685484061-1826461873-1000\$2730c4019128e3f2af1b40bb2ec1861d\@ (Trojan.Siredef.C) -> Delete on reboot. (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.02.02.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [administrator] 02.02.2013 19:25:55 mbar-log-2013-02-02 (19-25-55).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29836 Time elapsed: 7 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.02.02.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [administrator] 02.02.2013 19:33:14 mbar-log-2013-02-02 (19-33-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29837 Time elapsed: 6 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Wise Registry Cleaner 5.9.4 Java 7 Update 9 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (18.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
03.02.2013, 22:13 | #10 |
/// Helfer-Team | Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
05.02.2013, 16:51 | #11 |
| Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Hmm. Die Combofix - Datei ist leer, ich hab sie auf den Desktop verschoben dort, war sie leer, driekt nach dem Combofix wurde was angezeigt. Aber sofort daraufhin hat der PC sich selbstständig neugestartet, sodass ich sie nicht mehr speichern konnte. Habe danach unter C:/combofix (Ein Ordner) irgendeine 3XE gestartet (dachte das wäre vielleicht die .txt Datei) ist aber nichts passiert, außer ein kurzes Fensteraufploppen. Hier jedoch die Log von der Qoobox: Code:
ATTFilter Update for Microsoft Office 2007 (KB2508958) Adobe After Effects CS5 Adobe AIR Adobe Community Help Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop Elements 10 Adobe Reader XI (11.0.01) - Deutsch Age of Empires III Age of Empires III - The Asian Dynasties Age of Empires III - The WarChiefs AMD VISION Engine Control Center Apple Application Support Apple Software Update ArcSoft Panorama Maker 5 Avira Free Antivirus Battlefield 3™ Battlefield: Bad Company™ 2 Battlelog Web Plugins Brother MFL-Pro Suite DCP-130C Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Company of Heroes Company of Heroes - FAKEMSI DVDStyler v2.3.4 Elements 10 Organizer EPU ESN Sonar EVEREST Home Edition v2.20 Fraps Free Video Dub version 1.8.12.718 Free YouTube Download version 3.0.18.1123 GameRanger Google Earth HydraVision IrfanView (remove only) League of Legends Malwarebytes Anti-Malware Version 1.70.0.1100 McAfee Security Scan Plus Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 18.0.1 (x86 de) Mozilla Maintenance Service MSI Afterburner 2.1.0 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nikon File Uploader 2 Nikon Message Center 2 Origin Pando Media Booster PDF Architect PDFCreator Picture Control Utility PSE10 STI Installer PunkBuster Services QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype Click to Call Skype™ 6.1 StarCraft II Steam TeamViewer 6 The Elder Scrolls V: Skyrim UnderCoverXP 1.23 Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition VC 9.0 Runtime ViewNX 2 VLC media player 1.1.9 Wise Registry Cleaner 5.9.4 |
05.02.2013, 20:01 | #12 |
/// Helfer-Team | Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Suche nach dieser Datei: C:\ComboFix.txt |
09.02.2013, 15:55 | #13 |
| Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Hmm... ich kann die Datei nicht finden, es existiert nur ein Ordner namens ComboFix. Und die ehemalige .txt Datei ComboFix war ohnehin leer (leeres Textdokument) und ist jetzt nicht mehr auffindbar. |
09.02.2013, 17:00 | #14 |
/// Helfer-Team | Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? OK, Combofix loeschen, neu runterladen und ausfuehren! |
11.02.2013, 17:31 | #15 |
| Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? Jetzt hat es geklappt, hier die Log-Datei: Code:
ATTFilter ComboFix 13-02-07.02 - *** 11.02.2013 17:20:20.2.6 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8191.6512 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-11 bis 2013-02-11 )))))))))))))))))))))))))))))) . . 2074-05-18 15:44 . 2008-03-21 12:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll 2013-02-11 16:24 . 2013-02-11 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-02 21:39 . 2013-02-02 21:39 -------- d-----w- c:\users\***\AppData\Roaming\GameRanger 2013-02-02 21:39 . 2012-12-28 20:42 372224 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\age2_x1\Fix.exe 2013-02-02 21:39 . 2012-12-26 13:46 2969600 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe 2013-02-02 21:39 . 2011-12-15 12:41 740420 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\Games\Forgotten Empires\Data\language_x1_p1.dll 2013-02-02 21:39 . 2012-12-13 21:57 90513 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\age2_x1\miniupnpc.dll 2013-02-02 21:39 . 2012-07-13 19:13 778752 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\age2_x1\Xwndmode.dll 2013-02-02 18:56 . 2013-02-02 18:55 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-02 18:56 . 2013-02-02 18:55 310688 ----a-w- c:\windows\system32\javaws.exe 2013-02-02 18:56 . 2013-02-02 18:55 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-02 18:56 . 2013-02-02 18:55 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-02-02 18:56 . 2013-02-02 18:55 188832 ----a-w- c:\windows\system32\javaw.exe 2013-02-02 18:56 . 2013-02-02 18:55 188320 ----a-w- c:\windows\system32\java.exe 2013-02-02 18:55 . 2013-02-02 18:55 -------- d-----w- c:\program files\Java 2013-01-29 20:22 . 2013-01-29 20:22 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-01-29 18:58 . 2013-01-30 12:30 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2013-01-29 13:42 . 2013-01-29 13:42 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2013-01-29 13:42 . 2013-01-29 13:42 -------- d-----w- c:\programdata\Malwarebytes 2013-01-29 13:42 . 2013-01-29 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-29 13:42 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-29 13:17 . 2013-01-29 13:17 -------- d-----w- C:\_OTL 2013-01-24 13:54 . 2013-01-24 13:54 -------- d-----w- c:\programdata\ATI 2013-01-24 13:53 . 2013-01-24 13:53 -------- d-----w- c:\program files (x86)\AMD AVT 2013-01-24 13:53 . 2013-01-24 13:53 -------- d-----w- c:\program files (x86)\AMD APP 2013-01-23 10:53 . 2013-01-23 10:53 -------- d-----w- c:\users\***\AppData\Roaming\WindSolutions 2013-01-23 10:37 . 2013-01-23 10:37 -------- d-----w- c:\programdata\WindSolutions 2013-01-17 11:48 . 2009-10-20 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2013-01-17 11:48 . 2010-03-19 02:00 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2013-01-17 11:48 . 2009-10-20 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys 2013-01-17 11:48 . 2013-01-17 11:48 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared 2013-01-17 11:48 . 2013-01-17 11:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-11 10:56 . 2012-04-10 15:59 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-11 10:56 . 2011-05-15 09:16 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 18:53 . 2011-04-30 20:07 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-02-08 18:53 . 2011-04-30 17:47 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-02-08 18:52 . 2011-04-30 17:47 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-01-09 21:19 . 2011-05-19 12:32 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll 2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll 2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll 2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-12-19 20:09 . 2012-12-19 20:09 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-12-19 20:08 . 2010-09-29 01:54 1151488 ----a-w- c:\windows\system32\aticfx64.dll 2012-12-19 20:06 . 2012-12-19 20:06 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll 2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll 2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe 2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe 2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-12-19 19:49 . 2010-09-29 01:37 7370752 ----a-w- c:\windows\system32\atidxx64.dll 2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-12-19 19:31 . 2010-09-29 01:14 130048 ----a-w- c:\windows\system32\atiuxp64.dll 2012-12-19 19:31 . 2012-12-19 19:31 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-12-19 19:31 . 2012-12-19 19:31 104448 ----a-w- c:\windows\system32\atiu9p64.dll 2012-12-19 19:30 . 2011-07-28 20:53 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe 2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll 2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll 2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-12-16 17:11 . 2012-12-21 17:54 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 17:54 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 17:54 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 17:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 16:38 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 16:38 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 16:38 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 16:38 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 16:38 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 16:38 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 16:37 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 16:38 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 16:38 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 16:37 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 16:38 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 16:38 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 16:38 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 16:38 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 16:38 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 16:38 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 16:37 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 16:37 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 16:38 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 16:38 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 16:38 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 16:38 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 16:38 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 16:37 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 16:37 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 16:38 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 16:38 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 16:38 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 16:38 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 16:38 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 16:37 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 16:37 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 16:37 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 16:37 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 16:37 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:45 . 2013-01-09 16:37 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 05:43 . 2013-01-09 16:37 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 16:37 424448 ----a-w- c:\windows\system32\KernelBase.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760] S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] . . Inhalt des "geplante Tasks" Ordners . 2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 10:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "ISW"="" [BU] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vym8tsne.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.type - 2 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file) WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file) AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2714413572-685484061-1826461873-1000\Software\SecuROM\License information*] "datasecu"=hex:06,cc,ee,96,e6,09,21,ac,19,88,c8,c8,7e,9d,4b,e1,50,c9,20,70,ac, 4f,9a,23,b7,ca,91,39,28,89,37,63,3f,f5,4c,aa,54,b2,f3,a7,b6,1c,85,95,37,72,\ "rkeysecu"=hex:70,49,b2,8c,ed,6e,b5,71,b8,de,28,04,75,85,e0,1b . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-11 17:26:51 ComboFix-quarantined-files.txt 2013-02-11 16:26 . Vor Suchlauf: 15 Verzeichnis(se), 1.814.680.707.072 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 1.814.257.246.208 Bytes frei . - - End Of File - - AEF015DA11BDD6D417304CF44DD2594E |
Themen zu Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht? |
adobe, antivir, autorun, avira, avira searchfree toolbar, bho, bonjour, ccc.exe, converter, dealply, down, firefox, flash player, galaxy, home, launch, logfile, mom.exe, mozilla, object, plug-in, realtek, recycle.bin, registry, scan, security, senden, sicherheit, software, trojan.sirefef.of, usb, windows |