|
Plagegeister aller Art und deren Bekämpfung: trojan.reveton (malewarebytes)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.05.2013, 13:02 | #1 |
| trojan.reveton (malewarebytes) hallo, i hatte vor monaten einen " polizei" virus den habe ich manuell gelöscht und mit dem iwas von der registery, weil mein system beim neustart sagt, dass iwelche colololo.dat nicht gestartet werden kann (genaue meldung poste ich gleich) . Rundll: Problem beim starten von C:\PROGRA~3\colololo.dat Das angegebene Modul wurde nicht gefunden jetzt habe ich zufällig malewarebytes laufen lassen, und habe eine trojan.reveton gefunden. habe ihn 2 mal per malewarebytes gelöscht, aber er ist nach 2 mal löschen immernoch da. 1. hat das erst mit dem zweiten iwas zu tun? 2. wie kann ich beides beheben? log von malw.bytes: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.27.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Yevgeniy :: ***-PC [Administrator] 27.05.2013 12:26:36 mbam-log-2013-05-27 (12-26-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 524253 Laufzeit: 1 Stunde(n), 7 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Users\Yevgeniy\AppData\Local\Temp\MasEwXuK.exe.part (PUP.FakeFlash.Domaiq) -> Keine Aktion durchgeführt. E:\Downloads\aibolit_XP.rar (Malware.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\Downloads\L2EasyFun_Connect_v5.rar (VirTool.Vbcrypt) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\Programs\aibolit_XP.rar (Malware.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\RECYCLER\S-1-5-21-1177238915-362288127-682003330-1003\Dd85\sp3_aktiv\sp3_activ\Antiwpa-3.4.6_for_X64_and_X86.zip (PUP.Wpakill) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\RECYCLER\S-1-5-21-343818398-308236825-1801674531-1003\De51.6221\Alcohol120_retail_1.9.7.6221.exe (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
27.05.2013, 13:05 | #2 |
/// Helfer-Team | trojan.reveton (malewarebytes)Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
27.05.2013, 15:13 | #3 |
| trojan.reveton (malewarebytes) sry leute, aber der reveton ist iwie weg ( hab 2mal löschen lassen er ging nicht weg doch beim 3ten mal nichts mehr da)
__________________aber das mit colol ist nocht da. sry, dass ich diese logs nicht in meinem 1sten post editiert hab (ka es ging nicht mehr (der knopf war nicht mehr zu sehen)) OTL:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.05.2013 16:07:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\X\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,10 Gb Available Physical Memory | 68,41% Memory free 11,99 Gb Paging File | 9,82 Gb Available in Paging File | 81,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 439,35 Gb Total Space | 305,52 Gb Free Space | 69,54% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 9,22 Gb Free Space | 31,46% Space Free | Partition Type: NTFS Drive E: | 203,58 Gb Total Space | 72,28 Gb Free Space | 35,50% Space Free | Partition Type: NTFS Drive F: | 492,06 Gb Total Space | 272,14 Gb Free Space | 55,31% Space Free | Partition Type: NTFS Computer Name: YEVGENIY-PC | User Name: Yevgeniy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- F:\Cannon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- F:\Cannon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{069073E9-AA1E-4284-BC10-B569C02D5FAC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{701E8A72-EE45-4A12-85F9-BDBBEA38ADBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A9146BC4-FC97-4F40-A14F-D947E760B479}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03005217-E281-454B-83D7-72AF5F6DA7B4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{04B7B6CF-E753-4EDB-856B-C95A4F832BDC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1384DE7C-2C22-410D-9D06-78236BF821F5}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{13FA70B2-1E13-4DB3-8DCF-B40057E320F6}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{16DEE351-8062-477B-906B-FB95793CF03B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{1823F409-9B3B-41E7-B6DC-73FEF0964B2D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{1A673FF9-3258-4F31-8F6D-D5B4CA444660}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{222CF9C9-296D-44D5-BCB1-D927095E4B30}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{27B4CB23-537D-4688-9706-6DB76A4C9A08}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{35B98482-84AC-43A8-AF47-605313EB5345}" = protocol=17 | dir=in | app=f:\sc2n\starcraft ii public test.exe | "{41CA64E5-A730-4DC6-B142-FEFFF5F0D841}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{423DDF94-9B4C-4EEA-8A5A-B8E8A840EB5F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{43F596F1-5010-4190-8A99-7AC9E4FC5C11}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{4508CB01-2EBF-4443-8BBE-DD2ED299D750}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe | "{4A052B64-5F26-452C-8FC9-8381129BAB70}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{5CB7775D-9B89-4A08-B84A-67763C60B9C1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{679CE6FA-8F6D-4AB1-907A-79D3A67ACEC5}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe | "{72600B0D-DE69-4638-BBC0-E02CE048C107}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{76FBBFF9-5288-400B-8E1C-0608A9250836}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{78E08D34-D9D1-459A-9A7E-44CEFD4D361D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{833E3F14-3637-4EFE-8690-58021F48A197}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{8C23A3B2-C97B-41A8-BEDA-216C9BBE25F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{955C35C3-E2AF-41D9-A927-EAC58FBDFBCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{96A9EA19-1477-477A-9A4E-BBEF4CA5A9CA}" = protocol=17 | dir=in | app=f:\diablo 3\diablo iii\diablo iii.exe | "{97A24F25-3BB1-45BD-9A86-993458297E72}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{98B564C7-1A36-4BA9-A91F-DBE36645E2D3}" = dir=in | app=f:\darksouls p2d\darksouls.exe | "{99685933-D82D-41E4-B660-017E6C492216}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{9CBBC940-100A-43DF-89AC-913C9421946D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A66CBCF2-4261-493F-9E4E-F01377C34B30}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{B14614F8-67A1-4086-BEFF-6EF8AEFB3BFA}" = protocol=6 | dir=in | app=f:\sc2n\starcraft ii public test.exe | "{B8E81747-90E6-4A91-B511-AA0973D21B09}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BAF0A65E-FC94-464B-A9ED-0C5F62F749FA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{BD50FF93-5B55-4F9E-90AB-911BAD67D96B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{C9813AE4-846A-428A-9B3A-D26DC105564A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{C9A9B1DC-6C98-4374-B226-2B5B12B3B981}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{CDB65D69-D6AC-430E-B30B-F0020279D9D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{CE05130C-90CE-4B33-8F8B-D669616E74AB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{D6E9059C-3329-4937-8C89-56187991DBFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{DB9F91B7-C674-4EC9-8A6D-D152ACE950B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{DF144460-E4E3-4C35-8DB4-FF78EA766472}" = protocol=6 | dir=in | app=f:\diablo 3\diablo iii\diablo iii.exe | "{DFF6A620-3D4C-4D29-BAAB-91E44CFC6C2C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E494BCE7-C341-4811-B47E-5C8A7BD73B8A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{E9EC43B3-5931-4AAD-BC13-0FAC12F491BC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{EAE3E425-BF6A-4F1B-9353-83F9E7738D6B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{EC9E8422-E9ED-47BD-9287-CB70C649C8C6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F873A6C2-12E9-4880-9AE5-12EB80BA0DB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "TCP Query User{00CE26EB-6DB9-4FF2-8FD1-DF01ABF1FF92}F:\sc2n\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=f:\sc2n\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query User{0E9FD02B-50EF-4354-8080-913CD50DF2BC}F:\sc2n\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=f:\sc2n\versions\base23260\sc2.exe | "TCP Query User{1101F787-89B7-4043-9F26-A179AA242770}F:\stuff\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=f:\stuff\lolreplay\lolreplay.exe | "TCP Query User{24E0A753-791A-4571-83A9-D9FE7CAC6389}F:\sc2n\starcraft ii.exe" = protocol=6 | dir=in | app=f:\sc2n\starcraft ii.exe | "TCP Query User{3DE1158D-F035-48CD-8041-4DE8297EE009}F:\darksouls p2d\data.exe" = protocol=6 | dir=in | app=f:\darksouls p2d\data.exe | "TCP Query User{3ED2EE7A-3220-41AC-B1E9-D33B19959595}F:\sc2n\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=f:\sc2n\versions\base24944\sc2.exe | "TCP Query User{46616DF3-8D3F-4899-9A08-309E8F0B47C9}F:\sc2n\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=f:\sc2n\versions\base22612\sc2.exe | "TCP Query User{5B16E591-BF73-4796-8A6C-8629DB2AE05C}F:\sc2n\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=f:\sc2n\versions\base21029\sc2.exe | "TCP Query User{710CE963-B3D8-421D-B872-7C1E589E89DB}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{7CC154AB-43A4-4806-B758-ED7E298BD8F3}F:\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=f:\prototype 2\prototype2.exe | "TCP Query User{87E6E07E-7A2F-4177-85D4-6FE418D46F8F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{A32C1BFA-0A22-4051-89D1-6FA73C7C1C03}F:\sc2n\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=f:\sc2n\support\blizzarddownloader.exe | "TCP Query User{A3BE8C1A-2120-4CB5-A5C4-A9E242161583}F:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii.exe | "TCP Query User{AAE1D9F9-4CDF-43AB-B25D-03A993A4DAD0}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "TCP Query User{B0421E40-49C5-47E0-83B9-FF221DE36D90}C:\users\yevgeniy\desktop\t era\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\users\yevgeniy\desktop\t era\tera\tera-launcher.exe | "TCP Query User{ED9198D3-89BD-4B1F-AC52-5FB9D8177DCE}F:\dead space 2\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=f:\dead space 2\ea games\dead space 2\deadspace2.exe | "TCP Query User{F2B6AF6A-82CA-4ABB-8067-3CC6DA49DAB1}F:\t era\tera\tera-launcher.exe" = protocol=6 | dir=in | app=f:\t era\tera\tera-launcher.exe | "UDP Query User{03E5EAEF-8293-470A-B482-EA0A56EDBD1F}F:\darksouls p2d\data.exe" = protocol=17 | dir=in | app=f:\darksouls p2d\data.exe | "UDP Query User{0475EAFC-B1F9-479A-A194-FFB78E01B854}F:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii.exe | "UDP Query User{36D9162C-8CDD-4E3E-990B-6ED1943E3FA1}F:\sc2n\starcraft ii.exe" = protocol=17 | dir=in | app=f:\sc2n\starcraft ii.exe | "UDP Query User{3893D542-AEAE-47A8-A511-A4B683FCAB25}F:\sc2n\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=f:\sc2n\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{437C2251-97B3-443A-AD92-5FD59B5F7267}F:\stuff\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=f:\stuff\lolreplay\lolreplay.exe | "UDP Query User{47EBDA28-1682-4B46-B8FD-BFB2A88C0E17}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{49A1CC68-F278-4467-A92D-6A981551F378}F:\t era\tera\tera-launcher.exe" = protocol=17 | dir=in | app=f:\t era\tera\tera-launcher.exe | "UDP Query User{4E2358A8-7936-4316-9908-87B36D640338}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{5EBA6F08-4D71-44B7-8FFC-A906CD2DE10B}C:\users\yevgeniy\desktop\t era\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\users\yevgeniy\desktop\t era\tera\tera-launcher.exe | "UDP Query User{7CAF381F-471A-43C5-86A5-14DC279FCCE3}F:\sc2n\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=f:\sc2n\versions\base21029\sc2.exe | "UDP Query User{83764F8E-2A19-47E0-BF8F-AE43A7B4F7B1}F:\sc2n\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=f:\sc2n\versions\base22612\sc2.exe | "UDP Query User{A89F5631-047C-4675-9E38-6E10849FCB9F}F:\sc2n\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=f:\sc2n\versions\base23260\sc2.exe | "UDP Query User{C8413CCE-6E9C-46AA-B329-9BE685B74669}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{D2DF884B-5E5D-4A7C-8AAA-E0DF93297482}F:\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=f:\prototype 2\prototype2.exe | "UDP Query User{EA44D316-0CF7-40AC-820E-1103FBF2C365}F:\sc2n\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=f:\sc2n\versions\base24944\sc2.exe | "UDP Query User{F0978B8E-2B72-41CD-B6E3-9E43C108BDC2}F:\dead space 2\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=f:\dead space 2\ea games\dead space 2\deadspace2.exe | "UDP Query User{F491FD47-7599-4274-9816-9E4752D93AC9}F:\sc2n\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=f:\sc2n\support\blizzarddownloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.572 "{3FF70821-58E6-44DA-B512-095F547F3F18}" = Microsoft Camera Codec Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}" = Share64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B457D49F-00E2-0FF2-4234-C20FC0702E2E}" = AMD Fuel "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ASRock App Charger_is1" = ASRock App Charger v1.0.4 "CCleaner" = CCleaner "EPSON SX235 Series" = Druckerdeinstallation für EPSON SX235 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Speccy" = Speccy "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.11 (64-Bit) "WNLT" = IB Updater Service [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4 "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0f2d7150-ef69-406d-abd8-3d6627a6031c}" = Free YouTube Download Manager "{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6 "{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German "{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian "{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese "{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch "{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy "{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = AMD VISION Engine Control Center "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E4D0FA1-6B85-4824-88FC-051000018201}" = Dark Souls Prepare to Die Edition "{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish "{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean "{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish "{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish "{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese "{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech "{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{9641FD7C-CA09-48B7-BD42-91AA8EF12685}" = Mouse Driver "{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro "{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share "{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common "{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D52C3F5A-9BC3-45E4-B923-7B5E935D3763}" = Free YouTube Download Manager "{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM "{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF39232B-EF90-9DE2-DC06-353F5CDFF39A}" = HydraVision "{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}" = Splashtop Connect IE "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.66 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.26 "AviSynth" = AviSynth 2.5 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Cockatrice" = Cockatrice "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "DPP" = Canon Utilities Digital Photo Professional 3.6 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "EPSON Scanner" = EPSON Scan "Free Video to Sony PSP Converter_is1" = Free Video to Sony PSP Converter version 5.0.17.903 "GeoGebra 4.2" = GeoGebra 4.2 "GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera" = Canon Utilities MyCamera "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Protected Search_is1" = Protected Search 1.1 "RaidCall" = RaidCall "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "StarCraft II" = StarCraft II "uTorrent" = µTorrent "Wajam" = Wajam "WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility "Windows 7 - Codec Pack" = Windows 7 Codec Pack 4.0.2 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "XFastUsb" = XFastUsb "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.03.2013 03:30:06 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = Error - 04.03.2013 01:45:29 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = Error - 04.03.2013 05:27:04 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = Error - 04.03.2013 16:33:07 | Computer Name = Yevgeniy-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794, Zeitstempel: 0x511ed1c1 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.0.4794, Zeitstempel: 0x511ed0fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00155858 ID des fehlerhaften Prozesses: 0x210 Startzeit der fehlerhaften Anwendung: 0x01ce18e12b2619b7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: b841b633-850a-11e2-bd0c-002522dddf34 Error - 05.03.2013 01:49:05 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = Error - 05.03.2013 06:38:46 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = Error - 06.03.2013 01:07:12 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = Error - 06.03.2013 11:56:39 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = Error - 07.03.2013 01:35:44 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = Error - 07.03.2013 06:00:46 | Computer Name = Yevgeniy-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 27.05.2013 05:18:27 | Computer Name = Yevgeniy-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHelp20 Error - 27.05.2013 06:22:02 | Computer Name = Yevgeniy-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.05.2013 06:22:05 | Computer Name = Yevgeniy-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.05.2013 06:22:25 | Computer Name = Yevgeniy-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHelp20 Error - 27.05.2013 08:03:21 | Computer Name = Yevgeniy-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.05.2013 08:03:24 | Computer Name = Yevgeniy-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.05.2013 08:03:44 | Computer Name = Yevgeniy-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHelp20 Error - 27.05.2013 09:15:38 | Computer Name = Yevgeniy-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.05.2013 09:15:40 | Computer Name = Yevgeniy-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.05.2013 09:16:00 | Computer Name = Yevgeniy-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PxHelp20 < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.05.2013 16:07:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\X\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,10 Gb Available Physical Memory | 68,41% Memory free 11,99 Gb Paging File | 9,82 Gb Available in Paging File | 81,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 439,35 Gb Total Space | 305,52 Gb Free Space | 69,54% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 9,22 Gb Free Space | 31,46% Space Free | Partition Type: NTFS Drive E: | 203,58 Gb Total Space | 72,28 Gb Free Space | 35,50% Space Free | Partition Type: NTFS Drive F: | 492,06 Gb Total Space | 272,14 Gb Free Space | 55,31% Space Free | Partition Type: NTFS Computer Name: YEVGENIY-PC | User Name: Yevgeniy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Yevgeniy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Yevgeniy\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (Macrovision Europe Ltd.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe () PRC - C:\Program Files (x86)\Protected Search\ProtectedSearch.exe (Simplygen) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) PRC - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Mouse Driver\KMProcess.exe (UASSOFT.COM) PRC - C:\Program Files (x86)\Mouse Driver\KMConfig.exe (UASSOFT.COM) PRC - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe (UASSOFT.COM) PRC - C:\Program Files (x86)\Mouse Driver\StartAutorun.exe (UASSOFT.COM) PRC - C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Yevgeniy\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0064\~df394b.tmp () MOD - C:\Users\Yevgeniy\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0064\~de6248.tmp () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Protected Search\InstallHelper.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Windows\SysWOW64\CmdRtr.DLL () MOD - C:\Program Files (x86)\Mouse Driver\keydll.dll () MOD - C:\Program Files (x86)\Mouse Driver\MouseHook.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SystemStoreService) -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Web Assistant) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (HiPatchService) -- F:\SmiteFire\HiPatchService.exe (Hi-Rez Studios) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WCUService_STC_IE) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.) SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe (UASSOFT.COM) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (PxHelp20) -- C:\Windows\SysWOW64\drivers\pxhelp20.sys (Sonic Solutions) DRV - (usbhub) -- C:\Windows\SysWOW64\drivers\usbhub.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Certified-Toolbar Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = Certified-Toolbar Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = Certified-Toolbar Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Certified-Toolbar Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Certified-Toolbar Search IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.certified-toolbar.com?si=42820&st=bs&tid=3347&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Certified-Toolbar Search IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 1A 73 43 3A 0D CE 01 [binary data] IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = Certified-Toolbar Search IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = Certified-Toolbar Search IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Certified-Toolbar Search IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Certified-Toolbar Search IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.) IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.certified-toolbar.com?si=42820&st=bs&tid=3347&q={searchTerms} IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\..\SearchScopes\{3505C6E3-B874-443a-8BD5-B8E6A3C0E694}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms} IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\..\SearchScopes\{6A9BC2BE-5F38-4c0a-A6B2-9F49A29D977E}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\..\SearchScopes\{6AD54489-2D24-4708-9BE2-495DEC2E0D7D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10013&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ACC&apn_dtid=^YYYYYY^YY^DE&apn_uid=8c991770-1289-4796-a3bf-db1567629d99&apn_sauid=2B7B1C27-9441-471A-920E-13D9207C73BA IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH IE - HKU\S-1-5-21-4087376310-340460148-1176917525-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT3282494.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "NCH_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&SearchSource=3&q={searchTerms}&CUI=UN25498997302148831" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: false FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://search.certified-toolbar.com?si=42820&tid=3347&st=bs&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Cannon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Yevgeniy\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.01 02:00:30 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.01 02:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.01 02:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.01 02:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 00:39:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 00:39:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.26 14:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yevgeniy\AppData\Roaming\mozilla\Extensions [2013.05.22 13:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yevgeniy\AppData\Roaming\mozilla\Firefox\Profiles\nrxypbj6.default\extensions [2013.05.22 13:14:58 | 000,000,000 | ---D | M] (NCH_DE) -- C:\Users\Yevgeniy\AppData\Roaming\mozilla\Firefox\Profiles\nrxypbj6.default\extensions\{3efefe31-d81e-4bd7-918f-d588cb409f39} [2013.02.21 08:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yevgeniy\AppData\Roaming\mozilla\Firefox\Profiles\nrxypbj6.default\extensions\{3efefe31-d81e-4bd7-918f-d588cb409f39}.oldbackup [2013.02.23 12:25:11 | 000,002,412 | ---- | M] () -- C:\Users\Yevgeniy\AppData\Roaming\mozilla\firefox\profiles\nrxypbj6.default\searchplugins\askcom.xml [2013.02.20 20:00:56 | 000,000,971 | ---- | M] () -- C:\Users\Yevgeniy\AppData\Roaming\mozilla\firefox\profiles\nrxypbj6.default\searchplugins\conduit.xml [2013.03.28 22:07:56 | 000,003,265 | ---- | M] () -- C:\Users\Yevgeniy\AppData\Roaming\mozilla\firefox\profiles\nrxypbj6.default\searchplugins\Web Search.xml [2013.05.24 00:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.24 00:39:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.05.24 00:39:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 00:39:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.03.28 22:07:56 | 000,003,265 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml O1 HOSTS File: ([2013.02.17 21:23:49 | 000,001,028 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) O4 - HKLM..\Run: [KMCONFIG] C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [RaidCall] F:\raidcall\raidcall.exe (RAIDCALL.COM) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4087376310-340460148-1176917525-1000..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-4087376310-340460148-1176917525-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4087376310-340460148-1176917525-1000..\Run: [EPSON SX235 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\Yevgeniy\AppData\Local\Temp\E_SE4DF.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-4087376310-340460148-1176917525-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-4087376310-340460148-1176917525-1000..\Run: [zASRockInstantBoot] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Yevgeniy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28A2E74E-2153-41A4-BBCD-63462F36C0E5}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.03 12:24:12 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.27 16:06:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Yevgeniy\Desktop\OTL.exe [2013.05.24 00:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.15 02:25:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.15 02:25:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 02:25:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.15 02:25:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 02:25:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.15 02:25:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.15 02:25:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 02:25:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 02:25:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.15 02:25:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.15 02:25:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.15 02:25:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.15 02:25:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 02:25:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 02:25:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.15 02:05:17 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 02:05:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 02:05:07 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 02:05:06 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 02:05:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 02:05:06 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 02:05:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.04 16:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.04 16:26:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.04 16:26:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.04 16:26:18 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.27 16:06:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yevgeniy\Desktop\OTL.exe [2013.05.27 15:23:11 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 15:23:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 15:22:59 | 008,448,236 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.27 15:22:59 | 002,894,678 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.27 15:22:59 | 002,549,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.27 15:22:59 | 002,280,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.27 15:22:59 | 000,005,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.27 15:15:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.27 15:15:39 | 533,434,367 | -HS- | M] () -- C:\hiberfil.sys [2013.05.15 11:41:49 | 000,128,644 | ---- | M] () -- C:\Users\Yevgeniy\.recently-used.xbel [2013.05.15 07:49:31 | 005,059,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.04 02:02:32 | 000,001,029 | ---- | M] () -- C:\Users\Yevgeniy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.15 11:41:49 | 000,128,644 | ---- | C] () -- C:\Users\Yevgeniy\.recently-used.xbel [2013.05.04 02:02:32 | 000,001,029 | ---- | C] () -- C:\Users\Yevgeniy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013.04.13 19:49:39 | 000,000,005 | ---- | C] () -- C:\Users\Yevgeniy\AppData\Roaming\mbam.context.scan [2013.03.30 01:21:51 | 000,007,605 | ---- | C] () -- C:\Users\Yevgeniy\AppData\Local\Resmon.ResmonCfg [2013.03.28 22:07:59 | 000,016,384 | ---- | C] () -- C:\Windows\Launcher.exe [2012.11.02 13:49:51 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll [2012.05.17 15:27:16 | 000,004,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.11 09:02:10 | 000,046,080 | ---- | C] () -- C:\Users\Yevgeniy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.26 14:53:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.26 14:11:53 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2012.03.26 14:11:53 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2012.03.26 14:11:53 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2012.03.26 14:11:42 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.03.26 14:11:42 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.03.22 06:06:26 | 000,033,540 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe [2012.03.13 20:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2012.03.10 15:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2012.03.10 15:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll [2012.03.10 15:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll [2012.03.10 15:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2012.03.10 15:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2012.03.10 15:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll [2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.26 18:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.02.26 18:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2012.02.26 18:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2012.02.26 18:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2012.02.26 18:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2012.02.26 18:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2012.02.26 18:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2012.02.26 18:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2012.02.26 18:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2012.02.26 18:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.24 11:27:50 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\Anvsoft [2013.03.28 16:20:14 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\Canon [2013.03.26 10:51:28 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\DAEMON Tools Lite [2012.04.23 19:08:34 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\DAEMON Tools Pro [2012.12.11 00:01:36 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\DarknessII [2012.05.17 10:48:21 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\DeviceVm [2012.09.16 02:18:53 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\DVDVideoSoft [2012.06.26 19:58:37 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\GlarySoft [2013.05.15 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\gtk-2.0 [2012.10.19 15:13:20 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\Imaxel [2012.10.22 19:41:00 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\IrfanView [2012.03.26 16:05:32 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\LolClient [2012.05.24 10:51:48 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\LolClient2 [2012.03.26 15:16:40 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\Origin [2013.04.01 22:02:22 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\raidcall [2012.05.17 10:48:47 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\Splashtop [2013.05.11 01:22:23 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\TS3Client [2013.03.07 15:17:42 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\Ulead Systems [2013.03.26 10:51:20 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\uTorrent [2012.05.25 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\Yevgeniy\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > |
27.05.2013, 15:29 | #4 |
/// Helfer-Team | trojan.reveton (malewarebytes) Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL MOD - C:\Users\Yevgeniy\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0064\~df394b.tmp () MOD - C:\Users\Yevgeniy\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0064\~de6248.tmp () SRV - (SystemStoreService) -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe () [2013.05.04 02:02:32 | 000,001,029 | ---- | M] () -- C:\Users\Yevgeniy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk :Files C:\ProgramData\*.exe C:\ProgramData\*.dll C:\ProgramData\*.tmp C:\ProgramData\TEMP C:\Users\Yevgeniy\*.tmp C:\Users\Yevgeniy\AppData\*.dll C:\Users\Yevgeniy\AppData\*.exe C:\Users\Yevgeniy\AppData\Local\Temp\*.exe C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache ipconfig /flushdns /c :Commands [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
27.05.2013, 16:15 | #5 |
| trojan.reveton (malewarebytes) All processes killed ========== OTL ========== Service SystemStoreService stopped successfully! Service SystemStoreService deleted successfully! C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe moved successfully. C:\Users\Yevgeniy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Yevgeniy\*.tmp not found. File\Folder C:\Users\Yevgeniy\AppData\*.dll not found. File\Folder C:\Users\Yevgeniy\AppData\*.exe not found. C:\Users\Yevgeniy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\security folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Yevgeniy\Desktop\cmd.bat deleted successfully. C:\Users\Yevgeniy\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Yevgeniy ->Temp folder emptied: 81328348 bytes ->Temporary Internet Files folder emptied: 35185278 bytes ->FireFox cache emptied: 531935374 bytes ->Flash cache emptied: 39604 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1618992 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24642301 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6555536 bytes RecycleBin emptied: 131316892 bytes Total Files Cleaned = 775,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05272013_170014 Files\Folders moved on Reboot... C:\Users\Yevgeniy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... zu mbar.exe das programm sagt mir ich brauche kein cleanup. (schritt3 habe ich no nicht gemacht, warte auf antwort) |
27.05.2013, 17:40 | #6 |
/// Helfer-Team | trojan.reveton (malewarebytes) Weitermachen.
__________________ --> trojan.reveton (malewarebytes) |
27.05.2013, 18:06 | #7 |
| trojan.reveton (malewarebytes) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 27/05/2013 um 19:04:23 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Yevgeniy - YEVGENIY-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Yevgeniy\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : WajamUpdater Gestoppt & Gelöscht : Web Assistant ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Yevgeniy\AppData\Roaming\Mozilla\Firefox\Profiles\nrxypbj6.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Yevgeniy\AppData\Roaming\Mozilla\Firefox\Profiles\nrxypbj6.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\Yevgeniy\AppData\Roaming\Mozilla\Firefox\Profiles\nrxypbj6.default\searchplugins\Web Search.xml Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\Protected Search Ordner Gelöscht : C:\Program Files (x86)\Wajam Ordner Gelöscht : C:\Program Files (x86)\Yontoo Ordner Gelöscht : C:\Program Files\Web Assistant Ordner Gelöscht : C:\ProgramData\DeviceVM Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Yevgeniy\AppData\Local\Wajam Ordner Gelöscht : C:\Users\Yevgeniy\AppData\LocalLow\simplytech Ordner Gelöscht : C:\Users\Yevgeniy\AppData\Roaming\DeviceVM Ordner Gelöscht : C:\Users\Yevgeniy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Ordner Gelöscht : C:\Users\Yevgeniy\AppData\Roaming\Mozilla\Firefox\Profiles\nrxypbj6.default\CT3282494 Ordner Gelöscht : C:\Users\Yevgeniy\AppData\Roaming\Mozilla\Firefox\Profiles\nrxypbj6.default\extensions\{3efefe31-d81e-4bd7-918f-d588cb409f39} Ordner Gelöscht : C:\Users\Yevgeniy\AppData\Roaming\Mozilla\Firefox\Profiles\nrxypbj6.default\Smartbar Ordner Gelöscht : C:\Windows\SysWOW64\WNLT ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\ProtectedSearch Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Wajam Schlüssel Gelöscht : HKCU\Software\WNLT Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\Software\Wajam Schlüssel Gelöscht : HKLM\Software\Web Assistant Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16483 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42820&st=home&tid=3347 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=42820&st=home&tid=3347 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42820&st=home&tid=3347 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=42820&tid=3347&st=bs&q= --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=42820&tid=3347&st=bs&q= --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=42820&st=home&tid=3347 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42820&st=home&tid=3347 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=42820&tid=3347&st=bs&q= --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=42820&tid=3347&st=bs&q= --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=42820&st=bs&tid=3347&q=%s --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=42820&st=bs&tid=3347&q=%s --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=42820&st=home&tid=3347 --> hxxp://www.google.com -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Yevgeniy\AppData\Roaming\Mozilla\Firefox\Profiles\nrxypbj6.default\prefs.js C:\Users\Yevgeniy\AppData\Roaming\Mozilla\Firefox\Profiles\nrxypbj6.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT3282494.1000082.isPlayDisplay", "true"); Gelöscht : user_pref("CT3282494.1000082.state", "{\"state\":\"stopped\",\"text\":\"GermanyFM...\",\"description[...] Gelöscht : user_pref("CT3282494.1000234.TWC_TMP_city", "NUREMBERG"); Gelöscht : user_pref("CT3282494.1000234.TWC_TMP_country", "DE"); Gelöscht : user_pref("CT3282494.1000234.TWC_country", "GERMANY"); Gelöscht : user_pref("CT3282494.1000234.TWC_locId", "GMBY0250"); Gelöscht : user_pref("CT3282494.1000234.TWC_location", "Nuremberg, Germany"); Gelöscht : user_pref("CT3282494.1000234.TWC_region", "DE"); Gelöscht : user_pref("CT3282494.1000234.TWC_temp_dis", "c"); Gelöscht : user_pref("CT3282494.1000234.TWC_wind_dis", "kmh"); Gelöscht : user_pref("CT3282494.1000234.weatherData", "{\"icon\":\"27.png\",\"temperature\":\"-2°C\",\"temperat[...] Gelöscht : user_pref("CT3282494.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3282494.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Gelöscht : user_pref("CT3282494.FF19Solved", "true"); Gelöscht : user_pref("CT3282494.FirstTime", "true"); Gelöscht : user_pref("CT3282494.FirstTimeFF3", "true"); Gelöscht : user_pref("CT3282494.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...] Gelöscht : user_pref("CT3282494.UserID", "UN25498997302148831"); Gelöscht : user_pref("CT3282494.XING_APP_MARKETPLACE_APP_LANG.enc", "ZW4="); Gelöscht : user_pref("CT3282494.XING_APP_MARKETPLACE_GADGET_HEIGHT_NORMAL.enc", "NTY5"); Gelöscht : user_pref("CT3282494.XING_APP_MARKETPLACE_GADGET_HEIGHT_SHORT.enc", "NDE1"); Gelöscht : user_pref("CT3282494.XING_APP_MARKETPLACE_GADGET_WIDTH.enc", "MzUz"); Gelöscht : user_pref("CT3282494.addressBarTakeOverEnabledInHidden", "true"); Gelöscht : user_pref("CT3282494.autoDisableScopes", 14); Gelöscht : user_pref("CT3282494.browser.search.defaultthis.engineName", "true"); Gelöscht : user_pref("CT3282494.defaultSearch", "true"); Gelöscht : user_pref("CT3282494.embeddedsData", "[{\"appId\":\"130038710348127873\",\"apiPermissions\":{\"cross[...] Gelöscht : user_pref("CT3282494.enableAlerts", "always"); Gelöscht : user_pref("CT3282494.enableFix404ByUser", "TRUE"); Gelöscht : user_pref("CT3282494.enableSearchFromAddressBar", "true"); Gelöscht : user_pref("CT3282494.firstTimeDialogOpened", "true"); Gelöscht : user_pref("CT3282494.fixPageNotFoundError", "true"); Gelöscht : user_pref("CT3282494.fixPageNotFoundErrorByUser", "true"); Gelöscht : user_pref("CT3282494.fixPageNotFoundErrorInHidden", "true"); Gelöscht : user_pref("CT3282494.fixUrls", true); Gelöscht : user_pref("CT3282494.installDate", "20/2/2013 19:00:55"); Gelöscht : user_pref("CT3282494.installId", "conduitinstaller.exe"); Gelöscht : user_pref("CT3282494.installType", "conduitnsisintegration"); Gelöscht : user_pref("CT3282494.isCheckedStartAsHidden", true); Gelöscht : user_pref("CT3282494.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3282494.isFirstTimeToolbarLoading", "false"); Gelöscht : user_pref("CT3282494.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gelöscht : user_pref("CT3282494.keyword", "true"); Gelöscht : user_pref("CT3282494.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...] Gelöscht : user_pref("CT3282494.lastVersion", "10.14.65.43"); Gelöscht : user_pref("CT3282494.mam_gk_installer_preapproved.enc", "ZmFsc2U="); Gelöscht : user_pref("CT3282494.migrateAppsAndComponents", true); Gelöscht : user_pref("CT3282494.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...] Gelöscht : user_pref("CT3282494.openThankYouPage", "false"); Gelöscht : user_pref("CT3282494.openUninstallPage", "true"); Gelöscht : user_pref("CT3282494.revertSettingsEnabled", "true"); Gelöscht : user_pref("CT3282494.search.searchAppId", "130038710348127873"); Gelöscht : user_pref("CT3282494.search.searchCount", "0"); Gelöscht : user_pref("CT3282494.searchFromAddressBarEnabledByUser", "true"); Gelöscht : user_pref("CT3282494.searchInNewTabEnabledByUser", "true"); Gelöscht : user_pref("CT3282494.searchInNewTabEnabledInHidden", "true"); Gelöscht : user_pref("CT3282494.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3282494.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Gelöscht : user_pref("CT3282494.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...] Gelöscht : user_pref("CT3282494.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gelöscht : user_pref("CT3282494.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Gelöscht : user_pref("CT3282494.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Gelöscht : user_pref("CT3282494.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Gelöscht : user_pref("CT3282494.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361383261450"); Gelöscht : user_pref("CT3282494.serviceLayer_services_appsMetadata_lastUpdate", "1361383261463"); Gelöscht : user_pref("CT3282494.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361383261081"); Gelöscht : user_pref("CT3282494.serviceLayer_services_location_lastUpdate", "1361383259663"); Gelöscht : user_pref("CT3282494.serviceLayer_services_login_10.14.65.43_lastUpdate", "1361383261549"); Gelöscht : user_pref("CT3282494.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361383261112"); Gelöscht : user_pref("CT3282494.serviceLayer_services_searchAPI_lastUpdate", "1361383259818"); Gelöscht : user_pref("CT3282494.serviceLayer_services_serviceMap_lastUpdate", "1361383259246"); Gelöscht : user_pref("CT3282494.serviceLayer_services_setupAPI_lastUpdate", "1361383261447"); Gelöscht : user_pref("CT3282494.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361383260878"); Gelöscht : user_pref("CT3282494.serviceLayer_services_toolbarSettings_lastUpdate", "1361383259667"); Gelöscht : user_pref("CT3282494.serviceLayer_services_translation_lastUpdate", "1361383261469"); Gelöscht : user_pref("CT3282494.settingsINI", true); Gelöscht : user_pref("CT3282494.shouldFirstTimeDialog", "false"); Gelöscht : user_pref("CT3282494.smartbar.CTID", "CT3282494"); Gelöscht : user_pref("CT3282494.smartbar.Uninstall", "0"); Gelöscht : user_pref("CT3282494.smartbar.homepage", "true"); Gelöscht : user_pref("CT3282494.smartbar.toolbarName", "NCH_DE "); Gelöscht : user_pref("CT3282494.startPage", "true"); Gelöscht : user_pref("CT3282494.toolbarBornServerTime", "20-2-2013"); Gelöscht : user_pref("CT3282494.toolbarCurrentServerTime", "20-2-2013"); Gelöscht : user_pref("CT3282494.toolbarDisabled", "true"); Gelöscht : user_pref("CT3282494.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U="); Gelöscht : user_pref("CT3282494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3282494&SearchSource=1[...] Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "NCH_DE Customized Web Search"); Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494[...] Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3282494"); Gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Gelöscht : user_pref("browser.search.defaultenginename", "Web Search"); Gelöscht : user_pref("browser.search.defaultthis.engineName", "NCH_DE Customized Web Search"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&Sea[...] Gelöscht : user_pref("browser.search.order.1", "Web Search"); Gelöscht : user_pref("extensions.incredibar.actvtyRptTime", "1344720296579"); Gelöscht : user_pref("extensions.incredibar.admin", false); Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl"); Gelöscht : user_pref("extensions.incredibar.afterInstallRpt", "sent"); Gelöscht : user_pref("extensions.incredibar.cntry", "DE"); Gelöscht : user_pref("extensions.incredibar.dfltLng", "DE"); Gelöscht : user_pref("extensions.incredibar.dfltSrch", false); Gelöscht : user_pref("extensions.incredibar.dfltlng", "DE"); Gelöscht : user_pref("extensions.incredibar.dfltsrch", "false"); Gelöscht : user_pref("extensions.incredibar.did", "10662"); Gelöscht : user_pref("extensions.incredibar.envrmnt", "production"); Gelöscht : user_pref("extensions.incredibar.excTlbr", false); Gelöscht : user_pref("extensions.incredibar.hdrMd5", "FAE22D877DD8D1B290032FD3259C7AD3"); Gelöscht : user_pref("extensions.incredibar.hmpg", false); Gelöscht : user_pref("extensions.incredibar.hrdid", "eaf3c74e000000000000002522dddf34"); Gelöscht : user_pref("extensions.incredibar.id", "eaf3c74e000000000000002522dddf34"); Gelöscht : user_pref("extensions.incredibar.installerproductid", "26"); Gelöscht : user_pref("extensions.incredibar.instlDay", "15563"); Gelöscht : user_pref("extensions.incredibar.instlRef", ""); Gelöscht : user_pref("extensions.incredibar.instlday", "15563"); Gelöscht : user_pref("extensions.incredibar.instlref", ""); Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", false); Gelöscht : user_pref("extensions.incredibar.isdcmntcmplt", "false"); Gelöscht : user_pref("extensions.incredibar.keywordurl", ""); Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1423:24:48"); Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Gelöscht : user_pref("extensions.incredibar.newTab", false); Gelöscht : user_pref("extensions.incredibar.newtab", "false"); Gelöscht : user_pref("extensions.incredibar.newtaburl", ""); Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false); Gelöscht : user_pref("extensions.incredibar.ppd", ""); Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar"); Gelöscht : user_pref("extensions.incredibar.productid", "26"); Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Gelöscht : user_pref("extensions.incredibar.prtnrid", "Incredibar"); Gelöscht : user_pref("extensions.incredibar.sg", "none"); Gelöscht : user_pref("extensions.incredibar.smplGrp", "none"); Gelöscht : user_pref("extensions.incredibar.smplgrp", "none"); Gelöscht : user_pref("extensions.incredibar.srch", ""); Gelöscht : user_pref("extensions.incredibar.srchprvdr", ""); Gelöscht : user_pref("extensions.incredibar.tlbrId", "base"); Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=1eyotJR6Tmf&loc=IB_[...] Gelöscht : user_pref("extensions.incredibar.tlbrid", "base"); Gelöscht : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=1eyotJR6Tmf&loc=IB_[...] Gelöscht : user_pref("extensions.incredibar.upn2", "1eyotJR6Tmf"); Gelöscht : user_pref("extensions.incredibar.upn2n", "1036328349074063359"); Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1423:24:48"); Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Gelöscht : user_pref("extensions.incredibar.vrsnts", "1.5.11.1423:24:48"); Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl"); Gelöscht : user_pref("extensions.incredibar_i.dfltLng", ""); Gelöscht : user_pref("extensions.incredibar_i.did", "10662"); Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false); Gelöscht : user_pref("extensions.incredibar_i.id", "eaf3c74e000000000000002522dddf34"); Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26"); Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15563"); Gelöscht : user_pref("extensions.incredibar_i.instlRef", ""); Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", ""); Gelöscht : user_pref("extensions.incredibar_i.newTab", false); Gelöscht : user_pref("extensions.incredibar_i.ppd", ""); Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar"); Gelöscht : user_pref("extensions.incredibar_i.productid", "26"); Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none"); Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base"); Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=1eyotJR6Tmf&loc=I[...] Gelöscht : user_pref("extensions.incredibar_i.upn2", "1eyotJR6Tmf"); Gelöscht : user_pref("extensions.incredibar_i.upn2n", "1036328349074063359"); Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:24:48"); Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,[...] Gelöscht : user_pref("extentions.y2layers.installId", "68df4766-d9b3-4533-a8d6-01dd55528f14"); Gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=42820&tid=3347&st=bs&q="); Gelöscht : user_pref("smartBar.searchInNewTabOwner", "CT3282494"); Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282494&SearchSource=13[...] Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...] Gelöscht : user_pref("smartbar.originalHomepage", "hxxp://www.google.com/"); Gelöscht : user_pref("smartbar.originalSearchAddressUrl", ""); Gelöscht : user_pref("smartbar.originalSearchEngine", ""); Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[S1].txt - [36248 octets] - [27/05/2013 19:04:23] ########## EOF - C:\AdwCleaner[S1].txt - [36309 octets] ########## das clolol is weg |
27.05.2013, 18:15 | #8 |
/// Helfer-Team | trojan.reveton (malewarebytes) Sehr gut! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte SecurityCheck und:
|
27.05.2013, 22:04 | #9 |
| trojan.reveton (malewarebytes) ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=ff3c9f15fd316040afc52fe57152a9be # engine=13931 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-27 08:12:32 # local_time=2013-05-27 10:12:32 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 10978 121315402 0 0 # scanned=329893 # found=8 # cleaned=0 # scan_time=7939 sh=B971870B86DB88581AB741E9E5DB9E1B54393A89 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OHO trojan" ac=I fn="C:\_OTL\MovedFiles\05272013_170014\C_Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\36a12781-3825d9e5" sh=8A834D569919BEB608E596D567A66E025BEF2E83 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\05272013_170014\C_Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\208b456-44d8d2ca" sh=E55DBDAC30C0EEB44B29427A1F658355EA3B4663 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\05272013_170014\C_Users\Yevgeniy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\260b9c6a-311a2a43" sh=EB4893776BAB18BE6504BAEF14EB4BCA7F6EAFC1 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\_OTL\MovedFiles\05272013_170014\C_Users\Yevgeniy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk" sh=60B7C6410386C8456E9B0D2F4D7DD8A18BB60B56 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBV trojan" ac=I fn="D:\Documents and Settings\????\Application Data\Sun\Java\Deployment\cache\6.0\21\cb95f55-4b87319e" sh=1D53368303C8F4D85D51C64A7106B04719604CAB ft=0 fh=0000000000000000 vn="JS/Kryptik.CH trojan" ac=I fn="D:\Documents and Settings\????\Local Settings\Application Data\Mozilla\Firefox\Profiles\40dsvrt4.default\Cache\1\F7\FD27Bd01" sh=805700F7ABAA1CEDDA5E1888666CB119616FF35E ft=0 fh=0000000000000000 vn="JS/Kryptik.CH trojan" ac=I fn="D:\Documents and Settings\????\Local Settings\Application Data\Mozilla\Firefox\Profiles\40dsvrt4.default\Cache\7\86\87EB7d01" sh=42195103AB684FFA5DBFD60E21484AD46B21EC20 ft=0 fh=0000000000000000 vn="Win32/Induc virus" ac=I fn="E:\RECYCLER\S-1-5-21-1177238915-362288127-682003330-1003\Dd92.zip" aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-27 19:44:18 ----------------------------- 19:44:18.934 OS Version: Windows x64 6.1.7601 Service Pack 1 19:44:18.934 Number of processors: 6 586 0xA00 19:44:18.935 ComputerName: YEVGENIY-PC UserName: Yevgeniy 19:44:19.453 Initialize success 19:45:37.885 AVAST engine defs: 13052700 19:45:48.948 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 19:45:48.949 Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA5CA Size: 238475MB BusType: 3 19:45:48.951 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6 19:45:48.952 Disk 1 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 3 19:45:49.035 Disk 1 MBR read successfully 19:45:49.037 Disk 1 MBR scan 19:45:49.040 Disk 1 Windows 7 default MBR code 19:45:49.042 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 449899 MB offset 206848 19:45:49.057 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 503867 MB offset 921600000 19:45:49.075 Disk 1 scanning C:\Windows\system32\drivers 19:45:54.427 Service scanning 19:46:05.919 Modules scanning 19:46:05.924 Disk 1 trace - called modules: 19:46:05.935 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 19:46:05.939 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006272790] 19:46:05.942 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> [0xfffffa800610c9b0] 19:46:05.946 5 ACPI.sys[fffff88000ee27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xfffffa80061e9060] 19:46:07.370 AVAST engine scan C:\Windows 19:46:08.795 AVAST engine scan C:\Windows\system32 19:48:07.212 AVAST engine scan C:\Windows\system32\drivers 19:48:13.588 AVAST engine scan C:\Users\Yevgeniy 19:52:03.597 AVAST engine scan C:\ProgramData 19:55:35.139 Scan finished successfully 19:57:47.478 Disk 1 MBR has been saved successfully to "C:\Users\Yevgeniy\Desktop\MBR.dat" 19:57:47.482 The log file has been saved successfully to "C:\Users\Yevgeniy\Desktop\aswMBR.txt" Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 21 Adobe Flash Player 11.6.602.180 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (21.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
28.05.2013, 10:26 | #10 |
/// Helfer-Team | trojan.reveton (malewarebytes) Lass die Funde von ESET loeschen. Aktualisiere:
Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung Die Reihenfolge ist hier entscheidend.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
28.05.2013, 12:02 | #11 |
| trojan.reveton (malewarebytes) Tool-Bereinigung Die Reihenfolge ist hier entscheidend. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten) Windowstaste + R > Combofix /Uninstall (eingeben) > OK Alternative: Combofix.exe in uninstall.exe umbenennen und starten Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop: Schließe alle offenen Programme. Starte die delfix.exe mit einem Doppelklick. Setze vor jede Funktion ein Häkchen. Klicke auf Start. Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen. sry das verstehe ich nicht ganz, ( sry kenne kein combofix oder defogger) und das mit sicherheitszonen, ich benutze firefox und mit systemwiederherstellung, zum aktivieren soll ich im vorletztem bild die 1ste option wählen? (hxxp://www.systemwiederherstellung-deaktivieren.de/windows-7.html) Geändert von JeffdJeff (28.05.2013 um 12:16 Uhr) |
28.05.2013, 17:01 | #12 |
/// Helfer-Team | trojan.reveton (malewarebytes) Hast du delfix ausgefuehrt? Sicherheitszonen im IE einstellen! (ja, trotzdem, weil IE Systembestandteil ist) |
28.05.2013, 19:58 | #13 |
| trojan.reveton (malewarebytes) # DelFix v10.2 - Datei am 28/05/2013 um 20:57:33 erstellt # Aktualisiert am 02/04/2013 von Xplode # Benutzer : Yevgeniy - YEVGENIY-PC # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) ~ Aktiviere die Benutzerkontensteuerung ... OK ~ Entferne die Bereinigungsprogramme ... Gelöscht : C:\_OTL Gelöscht : C:\Users\Yevgeniy\Desktop\mbar Gelöscht : C:\Users\Yevgeniy\Desktop\aswMBR.exe Gelöscht : C:\Users\Yevgeniy\Desktop\aswMBR.txt Gelöscht : C:\Users\Yevgeniy\Desktop\esetsmartinstaller_enu.exe Gelöscht : C:\Users\Yevgeniy\Desktop\Extras.Txt Gelöscht : C:\Users\Yevgeniy\Desktop\MBR.dat Gelöscht : C:\Users\Yevgeniy\Desktop\OTL.Txt Gelöscht : C:\Users\Yevgeniy\Desktop\OTL.exe Gelöscht : C:\Users\Yevgeniy\Desktop\SecurityCheck(1).exe Gelöscht : HKLM\SOFTWARE\OldTimer Tools Gelöscht : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR ~ Erstelle ein Backup der Registrierungsdatenbank ... OK ~ Lösche die Wiederherstellungspunkte ... Ein neuer Wiederherstellungspunkt wurde erstellt ! ~ Stelle die Systemeinstellungen wieder her ... OK ########## - EOF - ########## |
29.05.2013, 11:34 | #14 |
/// Helfer-Team | trojan.reveton (malewarebytes) passt, wuensche eine virenfreie Zeit |
30.05.2013, 00:37 | #15 |
| trojan.reveton (malewarebytes) ich danke dir!!! |
Themen zu trojan.reveton (malewarebytes) |
administrator, aktion, anti-malware, appdata, autostart, erfolgreich, explorer, gestartet, java/exploit.agent.oho, java/trojandownloader.openstream.nbv, js/kryptik.ch, löschen, malware.packer.genx, malware.tool, meldung, neustart, pup.fakeflash.domaiq, pup.wpakill, quarantäne, service, speicher, version, virtool.vbcrypt, win32/reveton.m, zufällig |