Log Analysis and Evaluation: Online banking trojan! Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.06.2013, 08:51 | #1 |
Online banking trojan!

Hello,
I have caught a trojan. It wants to ask for my entire TAN list when I go online at Targo Bank! Sometimes it is there, sometimes not! I phoned support and they have locked the account! Now I am asking for your help to get the problem under control again.

OTL!

OTL Logfile:
Code:
OTL logfile created on: 19.06.2013 07:21:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Colonel_Rupert\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,29% Memory free
8,20 Gb Paging File | 6,04 Gb Available in Paging File | 73,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 327,54 Gb Total Space | 159,87 Gb Free Space | 48,81% Space Free | Partition Type: NTFS
Drive E: | 592,25 Gb Total Space | 321,72 Gb Free Space | 54,32% Space Free | Partition Type: NTFS

Computer Name: COLONEL_RUPE-PC | User Name: Colonel_Rupert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.19 07:20:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Colonel_Rupert\Desktop\OTL.exe
PRC - [2013.05.29 07:26:33 | 000,082,896 | ---- | M] (Google Inc.) -- C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.02.01 21:37:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.08 09:32:03 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.27 13:01:14 | 000,096,768 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012.05.08 11:59:57 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.08 11:59:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 11:59:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.23 15:09:09 | 000,226,304 | ---- | M] (Daniel Pistelli) -- C:\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe
PRC - [2010.05.20 16:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2009.06.17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

========== Modules (No Company Name) ==========

MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - [2013.06.12 09:17:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.01 21:37:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.06.27 13:01:14 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.05.08 11:59:57 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.08 11:59:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 11:59:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.06.17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.11.25 11:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2012.05.08 11:59:57 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 11:59:57 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.08.16 18:52:11 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2010.05.20 16:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VX3000.sys -- (VX3000)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.25 23:22:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.06.25 23:22:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2008.10.31 16:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=dGOsuRyJLr1IcT5IBQHvrI_AED8?q={searchTerms}
IE - HKCU\..\SearchScopes\{7ABF4DDD-5912-4A65-9784-10CCCDDDC5C8}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Eazel-DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2096149&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.selectedEngine: "Ask.com Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}:2.5.6.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.26.45268
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.20.9397
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Colonel_Rupert\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Colonel_Rupert\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.29 18:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.07.13 18:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.27 07:27:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.18 19:25:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.29 18:19:53 | 000,000,000 | ---D | M]

[2009.04.28 17:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\Extensions
[2013.06.07 18:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\Firefox\Profiles\te1n46k6.default\extensions
[2013.06.07 18:16:07 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\Firefox\Profiles\te1n46k6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.09.19 19:08:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\Firefox\Profiles\te1n46k6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.05.27 06:54:14 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\Firefox\Profiles\te1n46k6.default\extensions\toolbar@ask.com
[2013.06.07 18:16:12 | 000,002,533 | ---- | M] () -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\firefox\profiles\te1n46k6.default\searchplugins\aol-search.xml
[2012.05.29 11:14:30 | 000,002,354 | ---- | M] () -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\firefox\profiles\te1n46k6.default\searchplugins\aol-web-search.xml
[2012.10.26 08:32:38 | 000,002,306 | ---- | M] () -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\firefox\profiles\te1n46k6.default\searchplugins\askcomsearch.xml
[2010.01.20 13:16:18 | 000,000,919 | ---- | M] () -- C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\firefox\profiles\te1n46k6.default\searchplugins\conduit.xml
[2012.07.02 23:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.02.04 23:14:38 | 000,000,000 | ---D | M] (Eazel-DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}
[2012.07.13 18:10:57 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.05 20:40:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 20:40:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.05 20:40:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.05 20:40:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.05 20:40:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MI1933~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: WiseConvert 1.3 = C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod\10.15.2.523_0\
CHR - Extension: Freemake Video Converter = C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [ChromeFrameHelper] C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe (Google Inc.)
O4 - HKCU..\Run: [IExplorer Util] C:\Users\Colonel_Rupert\AppData\Roaming\ie_util.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\Run: [Ywneuvxei] C:\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe (Daniel Pistelli)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0AD528-8918-45F6-A371-C5AAF664B1A4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft
Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL (Google) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Colonel_Rupert\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Colonel_Rupert\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{983ba4ba-a955-11df-9a6e-0024215365c6}\Shell - "" = AutoRun O33 - MountPoints2\{983ba4ba-a955-11df-9a6e-0024215365c6}\Shell\AutoRun\command - "" = D:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== 
[2013.06.19 07:20:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Colonel_Rupert\Desktop\OTL.exe [2013.06.18 21:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.18 21:08:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.18 21:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.06 06:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.06 06:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.06 06:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.06 06:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.06 06:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.27 07:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.27 07:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.05.20 07:54:43 | 000,000,000 | ---D | C] -- C:\Users\Colonel_Rupert\Desktop\iphone16.08.12 [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.19 07:20:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Colonel_Rupert\Desktop\OTL.exe [2013.06.19 07:19:32 | 000,000,000 | ---- | M] () -- C:\Users\Colonel_Rupert\defogger_reenable [2013.06.19 07:19:03 | 000,050,477 | ---- | M] () -- C:\Users\Colonel_Rupert\Desktop\Defogger.exe [2013.06.19 07:17:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.19 07:12:49 | 001,471,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.19 07:12:49 | 000,637,520 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.19 07:12:49 | 000,604,814 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.19 07:12:49 | 
000,130,072 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.19 07:12:49 | 000,107,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.19 07:08:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.19 07:07:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-45948774-3835013767-118895328-1000UA.job [2013.06.19 07:06:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 07:06:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 07:06:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.18 22:47:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.18 21:08:28 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.18 17:07:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-45948774-3835013767-118895328-1000Core.job [2013.06.16 04:14:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2013.06.06 06:44:14 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.27 07:27:33 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.19 07:19:32 | 000,000,000 | ---- | C] () -- C:\Users\Colonel_Rupert\defogger_reenable [2013.06.19 07:19:02 | 000,050,477 | ---- | C] () -- C:\Users\Colonel_Rupert\Desktop\Defogger.exe [2013.06.18 21:08:28 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.24 19:32:48 | 000,000,580 | ---- | C] () -- C:\Users\Colonel_Rupert\AppData\Local\cookies.ini [2012.10.14 15:06:05 | 000,178,688 | ---- | C] () -- 
C:\Windows\SysWow64\unrar.dll [2012.04.23 09:35:52 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI [2010.02.04 21:30:44 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.08.07 21:00:47 | 000,001,356 | ---- | C] () -- C:\Users\Colonel_Rupert\AppData\Local\d3d9caps.dat [2009.07.28 18:47:03 | 000,001,460 | ---- | C] () -- C:\Users\Colonel_Rupert\AppData\Local\d3d9caps64.dat [2009.04.27 07:00:06 | 000,000,018 | ---- | C] () -- C:\Users\Colonel_Rupert\AppData\Roaming\sys386lk.dat [2009.04.27 06:37:44 | 000,000,010 | ---- | C] () -- C:\Users\Colonel_Rupert\AppData\Roaming\hhxprot4 [2009.04.17 22:27:52 | 000,142,848 | ---- | C] () -- C:\Users\Colonel_Rupert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2009.04.27 07:00:06 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\103.gif [2013.05.18 06:15:33 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Akoscu [2012.07.29 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Auslogics [2010.11.07 05:14:00 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Blitware [2010.03.17 22:22:59 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Buhl Data Service [2012.12.30 10:28:26 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Canneverbe Limited [2011.05.12 22:42:05 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Der Planer 4 [2013.05.18 06:15:33 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Dyduw [2013.02.25 16:11:20 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Firefly Studios [2013.02.12 11:53:32 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\FUJIFILM [2011.05.26 19:06:39 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Leadertech [2013.04.12 08:46:00 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\LolClient [2009.05.30 15:53:56 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\MAGIX [2009.10.29 20:11:13 | 
000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\MobMapUpdater [2009.09.25 12:32:08 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Nokia [2012.07.13 18:11:16 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\OpenCandy [2012.07.29 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\OpenOffice.org [2009.09.25 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\PC Suite [2013.04.23 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\RavensburgerTipToi [2013.02.13 00:34:27 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\SoftGrid Client [2010.09.30 20:10:40 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\TP [2013.06.14 01:18:55 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\TS3Client [2012.07.13 18:12:14 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\TuneUp Software [2009.06.25 23:24:59 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Ubisoft [2013.05.27 06:30:45 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\Uqysfe [2013.02.09 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\XMedia Recode [2010.08.21 14:18:33 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\XSManager [2012.05.22 07:48:23 | 000,000,000 | ---D | M] -- C:\Users\Colonel_Rupert\AppData\Roaming\{90140011-0061-0407-0000-0000000FF1CE} ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:48679BAB87DD39C6 < End of report > Exportierte Ereignisse: 18.06.2013 22:19 [System Scanner] Malware gefunden Die Datei 'C:\Users\Colonel_Rupert\AppData\Local\Temp\tmp359fd226\32.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Bublik.I.13' [trojan]. 
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55ed6d7b.qua' verschoben!
18.06.2013 22:10 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Colonel_Rupert\AppData\Local\Temp\tmp359fd226\32.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Bublik.I.13' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
27.05.2013 06:22 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Colonel_Rupert\AppData\Roaming\ie_util.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Bublik.I.13' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-45948774-3835013767-118895328-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-45948774-3835013767-118895328-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57887126.qua' verschoben!
27.05.2013 06:19 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Colonel_Rupert\AppData\Roaming\ie_util.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Bublik.I.13' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
27.05.2013 06:19 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Colonel_Rupert\AppData\Roaming\ie_util.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Bublik.I.13' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.18.06
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Colonel_Rupert :: COLONEL_RUPE-PC [Administrator]
18.06.2013 21:17:18
MBAM-log-2013-06-18 (23-27-12).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 597739
Laufzeit: 2 Stunde(n), 5 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe (Trojan.Zbot.DPE) -> 2532 -> Keine Aktion durchgeführt.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ywneuvxei (Trojan.Zbot.DPE) -> Daten: C:\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IExplorer Util (Trojan.Agent.IET) -> Daten: C:\Users\Colonel_Rupert\AppData\Roaming\ie_util.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe (Trojan.Zbot.DPE) -> Keine Aktion durchgeführt.
C:\Users\Colonel_Rupert\Documents\Meine empfangenen Dateien\clone cd 4.4.3.1.0 and serial + keygen.zip (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
(Ende)
CloneCD was deleted! I could not zip the Extras and GMER!
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.06.2013 07:21:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Colonel_Rupert\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,29% Memory free 8,20 Gb Paging File | 6,04 Gb Available in Paging File | 73,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 327,54 Gb Total Space | 159,87 Gb Free Space | 48,81% Space Free | Partition Type: NTFS Drive E: | 592,25 Gb Total Space | 321,72 Gb Free Space | 54,32% Space Free | Partition Type: NTFS Computer Name: COLONEL_RUPE-PC | User Name: Colonel_Rupert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML.3EPW3VTM7XXFMUZGNNOKOTKSAE] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = FA 69 B3 EC 03 3E CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-45948774-3835013767-118895328-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 2 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B5B1C39-DCD2-48D1-9636-9E9A80741192}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{10F9C35D-627C-4937-8D73-1314427BFC9C}" = lport=137 | protocol=17 | dir=in | 
app=system | "{16F41B1E-E718-43F4-8B29-FAA914D29F8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{20740BB7-5ED5-47B2-8FAE-22319FF0B2F2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{26491481-F0C5-489F-951C-134CCE9D3851}" = rport=137 | protocol=17 | dir=out | app=system | "{3D2D78F7-0620-49F9-8B30-EB0EB63CD8D7}" = lport=2869 | protocol=6 | dir=in | app=system | "{5736041B-2428-4CB6-92BE-41F759FF452E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5AFF0BB1-F22A-4A7D-AFC9-626E79C403E2}" = rport=139 | protocol=6 | dir=out | app=system | "{7894CC7A-7F07-4D24-9F45-98D5B7F93B82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79A0F1F6-4347-4B03-B327-859FF30E1F2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{81D966EE-680C-4E80-8641-2016AAFD68BC}" = rport=445 | protocol=6 | dir=out | app=system | "{84E5BB27-A286-43E6-8E13-2EE73DC5C97B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AF2F4FCF-9BB2-4B71-A94D-FB17D9B1B708}" = lport=10243 | protocol=6 | dir=in | app=system | "{B272D182-5C55-4098-818E-FF147F88082A}" = rport=10243 | protocol=6 | dir=out | app=system | "{C7451077-FE52-471E-8680-3D558793F92C}" = lport=445 | protocol=6 | dir=in | app=system | "{CE300F09-FCB9-41C6-AE74-E33D22E6821B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D23DC491-BDCA-4637-9595-AF28E6FE1C6A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DE6405A6-B77D-4210-B41B-DDE98C7D97E5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E19E57E9-3650-49C9-8118-9766D1C42CE1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E30BCE4D-9EDA-458C-9122-6463C6B27883}" = rport=138 | 
protocol=17 | dir=out | app=system | "{E3E60199-658C-4619-B0AD-A55B011FC85B}" = lport=139 | protocol=6 | dir=in | app=system | "{F40C3134-0729-4EDA-8EEC-08AA303B84FB}" = lport=2869 | protocol=6 | dir=in | app=system | "{FBBB518B-98F2-4971-83BF-3F7134F3A331}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E6FB23-6DA3-4242-A4E5-3701DCECE1F9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{054EA95F-4DA9-4C05-9DAD-1D3FA2E9F80E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jabia\jaggedalliancebia.exe | "{05C3EE2B-C515-4533-AB89-6E59DDEEDAFA}" = protocol=6 | dir=in | app=e:\spiele\cod5\codwaw.exe | "{07580A8A-B7C5-4509-8615-6AE1BDED95FD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{077EF7A3-135F-4385-8F55-B11B8DA9B608}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe | "{08D8D773-2BC7-4573-8090-FD22CAFF3412}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{0A8B3C3D-0311-4EF9-9C09-2F0EADCBF110}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\counter-strike\hl.exe | "{0AEA87AB-FAAF-4C7A-BFA8-7FEC11476104}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0C2B9AA9-763F-4198-AC73-630973E9C1F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{0C2C3BF6-98A0-4AEE-A428-67EDBCAAF51D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\game\game.exe | "{0C2C99E4-071E-4060-9C03-7B9D6279C597}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{0F03D439-FEEB-4364-ADA7-4F04A037319C}" = dir=in 
| app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{12F2B97C-07E2-4E76-BA5C-1DF742EAB37B}" = protocol=17 | dir=in | app=e:\spiele\aoe3\age3y.exe | "{1310F481-7437-4F67-A16E-3283499F5E24}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe | "{15BC866A-5FD8-4B80-BBF8-39DC34C51CC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{19ADC9B6-B47A-41FD-BC7D-96AEF7D5A282}" = protocol=17 | dir=in | app=e:\spiele\siedler7\data\base\_dbg\bin\release\settlers7r.exe | "{1B304135-B052-4FBA-A001-19DA038AF239}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{214732B4-BF58-4EDA-A080-192D6FDA46C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | "{2461B769-C6EA-4602-B584-D94FBCE8B428}" = protocol=6 | dir=in | app=e:\spiele\cod5\codwawmp.exe | "{2541865F-2910-434B-B4BE-E805E213CA68}" = protocol=6 | dir=in | app=e:\spiele\aoe3\age3.exe | "{286EA869-451F-4A03-BC44-425C44C90C66}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2C06E429-634A-47D6-86F6-2CBEAC38DE5A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2D2AC922-A2DF-4BE6-BEEB-88CF596C7556}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{2D80E971-2041-4AFE-A498-AD1CF887A33F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2E035B64-5290-4790-AEE7-C32FBAEE315E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\day of defeat source\hl2.exe | "{30AB8985-E456-4625-AD65-2471AE4AED6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{3514B108-0653-4197-B172-BBC936ED827F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{35AA3EF7-4D6C-4714-9F9D-3D3211ABDA90}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{381A532F-5A05-4F33-B881-AEE88922EE48}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{3BBBE8AA-895F-4811-B269-5CE4BF91AEC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{3D88B16D-DD03-4F2C-8734-FDFEC420076D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3E1C7012-E7E5-4791-BB85-27671F4447B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{3F25EA5E-EE6C-49DF-BA39-AC9E186A76D5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{404837FF-C7AA-411D-82C2-7646FF47D7CD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{421F607B-1D83-4B38-808E-A1A0B9B8D483}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe | "{45BB8C0D-D3E0-4DC8-952D-7C10883099F3}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe | "{46979661-1A7D-4115-8FDD-A4DBA2810EA2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4A707C73-AE37-4862-B974-10DE03C7D2EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | "{4B51CABF-8A32-44D7-8693-9719464E1334}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4C5DE31D-D6D9-4A2A-9B00-A29969B62904}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4DD5977F-F9EC-4964-BADA-CCEAF9096622}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{4E6DB1FC-91E1-4028-B877-8E4BFE36A5F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4ED894D9-661C-4ADA-80CE-0F585E2A252A}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\jabia\jaggedalliancebia.exe | "{503A2F0A-9939-467A-8796-5D9C50038EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe | "{50998A1C-7A44-4B57-8B99-21AA46DF11E7}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{589F6512-C3F6-4B88-AF0F-5DA621E09556}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{59AA5DE6-8393-4C3F-989D-24749BB54257}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{5BF66DF5-CB69-4EAC-8043-91A4A1462EFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{636726B0-651C-43B0-9072-66D257B8E43A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{65FD69FB-D410-403C-9AB4-810956EF7A30}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{6BE1EE97-4E57-446A-8599-B5BD431CAE02}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{6E2A3E9B-9B9E-4568-A2CC-1B489CF31E4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{6E43936A-4E8C-4B85-8A68-B70E2EA9359E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{6F7F0D8B-CF94-4DAB-8899-5EE00B249583}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{7042CDAA-58A7-4296-9309-394C72A4531B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{73090EC4-20D6-4CFE-B950-443733385A0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7344154E-1787-4B57-815D-6223232A8114}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\game\game.exe | "{735CF020-5780-4FA6-9A1B-A2FE17326652}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74816813-1FE5-4B0D-B5A8-4DABF8AD0036}" = protocol=6 | 
dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{7817AD43-9F26-431F-9FFE-F60CFCE2B5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{7A9914B4-82B0-4E81-9F4A-B07610E9EF0B}" = protocol=17 | dir=in | app=e:\spiele\aoe3\age3.exe | "{7AA2B1E1-4C7C-463D-A4D6-3951D9C3DBD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\condition zero\hl.exe | "{7DADF655-B3F0-43A1-A830-FD44E631FCC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | "{7E05CC31-77B2-4D0F-8B55-BC3FA021BFDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7EBBB4BC-5FBB-4AFB-BFA0-357232F5FAF2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{85F229A8-4419-498C-A01B-2C3D5F4D641A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{866CCE7C-2BF2-448B-BDC1-479B88111B07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{87BAE3C4-03D6-4898-A768-45BB66001171}" = protocol=6 | dir=out | app=system | "{88CBF377-6872-4A63-9BBF-F6E5DD8680E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe | "{8AA16ACD-3E36-4CB0-832B-C93704C164F3}" = protocol=6 | dir=in | app=e:\spiele\aoe3\age3y.exe | "{8CDF73C8-858E-42EF-A51A-80DC1E8E15DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe | "{9B96EC74-E688-4572-B4F5-CFE83D34F544}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{9C80CFBE-B900-42E8-A792-0A9F0A584F59}" = protocol=17 | dir=in | app=e:\spiele\aoe3\age3x.exe | "{9ED4BEA0-7FEC-4F76-880C-F68F8EB1E354}" = protocol=17 | dir=in | app=c:\program files 
(x86)\diablo iii beta\diablo iii.exe | "{9F79AF19-145C-4142-B285-4F684C16225D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{9F9842C6-8F9A-4BA3-8E7F-94D319FB0B3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A4E9BDBA-693B-4331-80D8-0D3E4B02ADEA}" = protocol=6 | dir=in | app=e:\spiele\aoe3\age3x.exe | "{A5272678-E8E9-45BE-A5EC-D4E329FAE6F6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{A6631A01-C352-4A94-B542-CE908EFC0D21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\condition zero\hl.exe | "{A94F224C-7092-49E7-B2F0-133F551C5605}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{AA545C2D-AA18-4F17-A36D-739D46ED4153}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{AB1B09FC-82A1-4C56-9254-7E1C5BBC8731}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ADB9A187-EFF8-4F64-B4C8-3ED7FD413235}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{ADC7B4A2-ACD3-411E-87B2-C277055433C8}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe | "{B02CF37E-5A77-4199-A4D8-AFDF5A635D56}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B16FE913-1A89-4DC0-B41F-F414BE5F830E}" = protocol=17 | dir=in | app=e:\spiele\cod5\codwaw.exe | "{B17085D3-A9D6-4817-AD99-D955A45024A5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{B17100CA-17CE-4150-A2DA-5A8F0EABB94C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B72C7738-90AE-48C6-B34C-786F9B874AE6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{B7E74A6B-F724-48C7-AB7A-34358675ED4C}" = protocol=17 | dir=in | 
app=c:\program files (x86)\diablo iii\diablo iii.exe | "{B9FFF488-B14E-4BD9-9C03-D95FB87E179B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{BF8BD73B-5558-4536-94C1-A8C806788C86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | "{BFB72513-72D7-4A9A-9B46-E1F2A57B0703}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C2C80006-EF14-4327-9E75-F5EA98BE115E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{C30C3BDD-5F3E-4E49-A37C-9541160FE5A2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{C3CA0C3F-BFD8-4C24-8D3A-6C22348D6858}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C3FFA8AF-C06C-4F6B-84F0-9FBFAC904C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{C4BF007D-01E1-4A7E-8438-984586DC954B}" = protocol=17 | dir=in | app=e:\spiele\cod5\codwawmp.exe | "{C833D624-AF59-4850-8869-60D1A4B33CA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{C93AAFCD-76D1-4BBF-AEE0-F7208064106E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{C9898265-B8E3-4A7D-ACA7-0BA6F416DEE6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{CFE5D9BD-B8B2-440B-960E-9E0E415699B0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D18D6F57-3771-4B4B-BB69-BF0C8512C13C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D2DD9451-484D-4823-A9C7-D53EBD8EE8D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{D3E8C059-1E59-4F64-B406-67611AC6A8ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D7626257-AAC1-41D6-AFC4-238FA52622F0}" = protocol=17 | dir=in | app=c:\program files 
(x86)\bonjour\mdnsresponder.exe | "{DAB4CD7F-0662-47DD-BB85-A6BFDF571D13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{DCA6EA49-9DF9-4D8F-A6D6-F9E70E7FCED9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{DEA25C29-4A11-4D82-B43E-403E2E2BBF49}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{DF2DDAE8-ECF3-442A-91CA-D1643B4151F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DF6933A9-6AE5-41BD-825C-399C191FC128}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe | "{E480EDE6-5DDF-4ED2-A8FE-64D489E38B00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{E650825D-7F90-4355-9ADD-F9FC1937D892}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{E78AA04F-DF5E-45AB-B5E6-B51B55563F0E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E85340AF-63A8-4EBC-A9AA-FAA4B7E2B734}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\counter-strike\hl.exe | "{F2FD3843-4419-4976-A806-63CD53789F0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{F54925D3-CFAF-4EBB-8D2F-B0AA8843C8B6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F58271FC-30A4-4759-9558-0E4C3E8D1EC7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{F59C3E8A-4F96-4836-AC26-42FF83024F2C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{F882A011-6DDC-419F-B0A0-852F3A6A921A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{FD54ABA5-B77A-40DC-AB58-7116EC1132CF}" = protocol=6 | dir=in | app=e:\spiele\siedler7\data\base\_dbg\bin\release\settlers7r.exe | "{FD6C5812-B25E-4F16-AF29-9376DC50F032}" = dir=in | app=c:\program files 
(x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{FE7BA24D-030E-489C-B51D-B09D1F5E57B3}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe | "{FFF53E56-0C85-48CC-9F2F-55F30652C7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\day of defeat source\hl2.exe | "TCP Query User{397E5F7C-ED76-41BE-9755-F2C15C981A1B}E:\spiele\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | "TCP Query User{3F320F3B-C879-4A4F-9747-66B2C0DFDBCE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{45BB1599-04CC-4D60-AF61-F9B601CDC777}C:\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout2\flatout2.exe | "TCP Query User{6FD525AD-2E6D-4D58-8964-1C65DAF13B79}C:\program files (x86)\steam\steamapps\colonel_rupert\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\counter-strike source\hl2.exe | "TCP Query User{773A2BD8-44F5-417E-8F32-91124C816AD4}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{785F97DD-1BD2-4450-8F2F-72F10B6F1734}E:\spiele\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "TCP Query User{AAA40CB2-6161-40CF-B1ED-9054A550C49D}E:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "TCP Query User{B0B97121-0006-4665-AF66-339D9DA18115}E:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\spiele\world of 
warcraft\launcher.exe | "TCP Query User{C34E1293-DEE9-4A7A-B1E9-FE1C79A31D1E}C:\program files (x86)\steam\steamapps\colonel_rupert\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\half-life 2 deathmatch\hl2.exe | "TCP Query User{CF1D0499-9909-4C52-A29E-AC177C13A5BA}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{F493E34A-82C1-4825-AC5E-D9AFB7A23FCC}E:\spiele\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | "TCP Query User{F7F8A517-D8C9-4ACF-A1B3-1F42C81146F8}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{0F42C98A-B149-4171-A049-8CE72D128E8B}E:\spiele\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "UDP Query User{1A47F07C-63B7-4951-AE26-1D5F42681BFA}E:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | "UDP Query User{235155FE-27CD-4B3E-A184-6E6A9776C656}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{2C996CD0-8E9D-482B-80AF-A08D495459A3}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{309EEDE6-1D13-4613-9DC6-96D618748B9A}E:\spiele\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | "UDP Query User{42C7F33F-FEF9-4CCA-9494-FDF5D186BFB3}C:\program files (x86)\google\google 
earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{6A5471D0-B87D-4662-9A9F-26B4F55FCCAE}C:\program files (x86)\steam\steamapps\colonel_rupert\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\half-life 2 deathmatch\hl2.exe | "UDP Query User{72CEA518-7B3F-4AE1-BDAC-4056BED304EC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{8F269242-B2EB-423E-A571-F2314F2D7E98}C:\program files (x86)\steam\steamapps\colonel_rupert\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\colonel_rupert\counter-strike source\hl2.exe | "UDP Query User{991B02F0-A9D6-4D5F-814E-579144385029}E:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "UDP Query User{A7035416-062F-4D8E-B839-570E4C6A8B2D}C:\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\flatout2\flatout2.exe | "UDP Query User{DA7E4BB5-61C4-4EB9-99E3-159B594F75CB}E:\spiele\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{2F72F540-1F60-4266-9506-952B21D6640D}" = 
Apple Mobile Device Support "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" 
= Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer "{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client "{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 "CCleaner" = CCleaner "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 10.0 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer 
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries 
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2 "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{9605D5C2-F545-40F2-B39A-0462E4CD3811}" = Windows Vista Demo Screen Saver "{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie 
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BAC3B914-9A96-4097-A5C7-7BF0CAD679D3}" = TransportGigant "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live 
Messenger "{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Diablo III" = Diablo III "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2 "Google Desktop" = Google Desktop "HP Photo Creations" = HP Photo Creations "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch 
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full) "MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.3.351 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D) "MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.76 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Orb" = Winamp Remote "Picasa 3" = Picasa 3 "PunkBusterSvc" = PunkBuster Services "Ravensburger tiptoi" = Ravensburger tiptoi "Steam App 211500" = RaceRoom Racing Experience "Steam App 240" = Counter-Strike: Source "Steam App 47410" = Stronghold Kingdoms "Steam App 500" = Left 4 Dead "Steam App 550" = Left 4 Dead 2 "Steam App 57740" = Jagged Alliance - Back in Action "Steam App 730" = Counter-Strike: Global Offensive "Steam App 745" = Counter-Strike: Global Offensive - SDK "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.2 "VTechDownloadManager" = VTech Download Manager "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "XSManager" = XSManager ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.06.2013 09:05:20 | Computer Name = Colonel_Rupe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 18.06.2013 09:19:02 | Computer Name = Colonel_Rupe-PC | Source = WinMgmt | ID = 10
Description =

Error - 18.06.2013 09:23:21 | Computer Name = Colonel_Rupe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 18.06.2013 09:24:37 | Computer Name = Colonel_Rupe-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 18.06.2013 09:24:37 | Computer Name = Colonel_Rupe-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 18.06.2013 14:58:21 | Computer Name = Colonel_Rupe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16490, Zeitstempel 0x51955cca, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x107d83ff, Prozess-ID 0x1738, Anwendungsstartzeit 01ce6c55c9608e16.

Error - 19.06.2013 01:08:10 | Computer Name = Colonel_Rupe-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.06.2013 01:12:46 | Computer Name = Colonel_Rupe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 19.06.2013 01:13:57 | Computer Name = Colonel_Rupe-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 19.06.2013 01:13:57 | Computer Name = Colonel_Rupe-PC | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 18.06.2013 16:27:22 | Computer Name = Colonel_Rupe-PC | Source = DCOM | ID = 10016
Description =

Error - 18.06.2013 17:20:10 | Computer Name = Colonel_Rupe-PC | Source = DCOM | ID = 10016
Description =

Error - 18.06.2013 17:20:11 | Computer Name = Colonel_Rupe-PC | Source = DCOM | ID = 10016
Description =

Error - 19.06.2013 01:08:12 | Computer Name = Colonel_Rupe-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 19.06.2013 01:08:12 | Computer Name = Colonel_Rupe-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19.06.2013 01:09:41 | Computer Name = Colonel_Rupe-PC | Source = DCOM | ID = 10016
Description =

Error - 19.06.2013 01:09:46 | Computer Name = Colonel_Rupe-PC | Source = DCOM | ID = 10016
Description =

Error - 19.06.2013 01:10:19 | Computer Name = Colonel_Rupe-PC | Source = Service Control Manager | ID = 7038
Description =

Error - 19.06.2013 01:10:19 | Computer Name = Colonel_Rupe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19.06.2013 01:14:44 | Computer Name = Colonel_Rupe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >
19.06.2013, 08:54 | #2 |
/// Helper Team | Online banking trojan!
Have you had the detections removed?
19.06.2013, 08:55 | #3 |
Online banking trojan! GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 08:17:25
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\00000052 WDC_WD10 rev.01.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\COLONE~1\AppData\Local\Temp\kwroqaod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!recv + 81 0000000073ab18a9 2 bytes CALL 759d142d C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 87 0000000073ab190e 2 bytes CALL 759d142d C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073ab19f0 2 bytes JMP 764c8400 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073ab19fb 2 bytes JMP 764d8b38 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\vVX3000.exe[4080] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000779d17d8 3 bytes [CB, D0, 20]
.text C:\Windows\vVX3000.exe[4080] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 5 00000000779d17dc 1 byte [C3]
.text C:\Windows\vVX3000.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779ea370 4 bytes [68, A0, CF, 20]
.text C:\Windows\vVX3000.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000779ea375 1 byte [C3]
.text C:\Windows\vVX3000.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077a14572 6 bytes [68, 03, 58, 21, 00, C3]
.text C:\Windows\vVX3000.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077a1457d 6 bytes [68, BD, 57, 21, 00, C3]
.text C:\Windows\vVX3000.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077a145e0 6 bytes [68, 8F, 58, 21, 00, C3]
.text C:\Windows\vVX3000.exe[4080]
C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077a145eb 6 bytes [68, 49, 58, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000759e1e70 6 bytes [68, 34, D3, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000759e9392 6 bytes [68, F3, D2, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000755c8100 6 bytes [68, 55, DC, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000755c8178 6 bytes [68, 72, DE, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000755c8b19 6 bytes [68, A5, 5D, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000755c9151 6 bytes [68, 50, 19, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000755c91a8 6 bytes [68, E3, 19, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000755c95a8 6 bytes [68, 9D, DE, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetCapture 00000000755c9c1e 6 bytes [68, 83, DD, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000755c9c69 6 bytes [68, 23, DC, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000755ca14f 6 bytes [68, 10, 19, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetDC 00000000755ca17a 4 bytes [68, 92, 18, 20] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000755ca17f 1 byte [C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000755ca1be 4 bytes [68, D1, 18, 20] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000755ca1c3 1 byte [C3] .text 
C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000755caff2 6 bytes [68, C1, 5A, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000755cb68f 6 bytes [68, 0E, 5B, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!EndPaint 00000000755cc09e 4 bytes [68, F7, 17, 20] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!EndPaint + 5 00000000755cc0a3 1 byte [C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000755cc0bb 4 bytes [68, 87, 17, 20] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 00000000755cc0c0 1 byte [C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!CallWindowProcW 00000000755cc487 6 bytes [68, F3, 59, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000755ce429 4 bytes [68, 37, 18, 20] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 00000000755ce42e 1 byte [C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!ReleaseCapture 00000000755cf2a0 6 bytes [68, 33, DD, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!SetCapture 00000000755cf2ad 4 bytes [68, D9, DC, 20] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!SetCapture + 5 00000000755cf2b2 1 byte [C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000755cf623 6 bytes [68, 3C, 5A, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000755d1939 6 bytes [68, 5B, 5B, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000755d3149 6 bytes [68, AD, 5B, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000755d5c31 6 bytes [68, 4A, DE, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] 
C:\Windows\syswow64\USER32.dll!GetMessageW 00000000755d5e37 6 bytes [68, 22, DE, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000755d687e 6 bytes [68, D5, 58, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000755d6d81 6 bytes [68, 67, 59, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000755e7299 6 bytes [68, 54, 5F, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!SwitchDesktop 000000007560259e 6 bytes [68, 9F, 57, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075602a58 6 bytes [68, 9C, DC, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007561bd3d 6 bytes [68, 1E, 59, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007561bd61 6 bytes [68, AD, 59, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000756263dd 4 bytes [68, 4F, 57, 21] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000756263e2 1 byte [C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 000000007622ceb9 6 bytes [68, 9A, D3, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076241ee9 6 bytes [68, B1, D3, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764c330c 6 bytes [68, 27, E3, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000764c418a 6 bytes [68, 38, DF, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764c4496 6 bytes [68, 80, E3, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WS2_32.dll!send 00000000764c659b 6 
bytes [68, 5F, E3, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000764d62d4 6 bytes [68, C8, DE, 20, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075c6c664 6 bytes [68, DC, 08, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075c6e13a 6 bytes [68, 7C, 0A, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075c6f8d8 6 bytes [68, 49, 09, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075c73184 6 bytes [68, 50, 0A, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075c95761 6 bytes [68, 1E, 06, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075c95fef 6 bytes [68, DA, 05, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075c9632d 6 bytes [68, 62, 06, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075c9fa49 6 bytes [68, 77, 09, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075caf564 6 bytes [68, 0C, 07, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075caf639 6 bytes [68, 46, 08, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075cc4f2f 6 bytes [68, F6, 09, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075cc525a 6 bytes [68, B7, 06, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075d0ece5 6 bytes [68, A9, 07, 21, 00, C3] .text C:\Windows\vVX3000.exe[4080] 
C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075d0edb7 6 bytes [68, 91, 08, 21, 00, C3] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000779d17d8 3 bytes [CB, D0, 36] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 5 00000000779d17dc 1 byte [C3] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779ea370 4 bytes [68, A0, CF, 36] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000779ea375 1 byte [C3] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077a14572 6 bytes [68, 03, 58, 37, 00, C3] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077a1457d 6 bytes [68, BD, 57, 37, 00, C3] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077a145e0 6 bytes [68, 8F, 58, 37, 00, C3] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077a145eb 6 bytes [68, 49, 58, 37, 00, C3] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000759e1e70 6 bytes [68, 34, D3, 36, 00, C3] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4092] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000759e9392 6 bytes [68, F3, D2, 36, 00, C3] .text 
C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000779d17d8 3 bytes [CB, D0, 2D] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 5 00000000779d17dc 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779ea370 4 bytes [68, A0, CF, 2D] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000779ea375 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077a14572 6 bytes [68, 03, 58, 2E, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077a1457d 6 bytes [68, BD, 57, 2E, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077a145e0 6 bytes [68, 8F, 58, 2E, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077a145eb 6 bytes [68, 49, 58, 2E, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000759e1e70 6 bytes [68, 34, D3, 2D, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe[1056] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000759e9392 6 bytes [68, F3, D2, 2D, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe[2968] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000764c418a 6 bytes [68, 38, DF, 41, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe[2968] 
C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000764d62d4 6 bytes [68, C8, DE, 41, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000779d17d8 3 bytes [CB, D0, 09] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 5 00000000779d17dc 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779ea370 4 bytes [68, A0, CF, 09] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000779ea375 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077a14572 6 bytes [68, 03, 58, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077a1457d 6 bytes [68, BD, 57, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077a145e0 6 bytes [68, 8F, 58, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077a145eb 6 bytes [68, 49, 58, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000759e1e70 6 bytes [68, 34, D3, 09, 00, C3] .text 
C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000759e9392 6 bytes [68, F3, D2, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000755c8100 6 bytes [68, 55, DC, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000755c8178 6 bytes [68, 72, DE, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000755c8b19 6 bytes [68, A5, 5D, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000755c9151 6 bytes [68, 50, 19, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000755c91a8 6 bytes [68, E3, 19, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000755c95a8 6 bytes [68, 9D, DE, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetCapture 00000000755c9c1e 6 bytes [68, 83, DD, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000755c9c69 6 bytes [68, 23, DC, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] 
C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000755ca14f 6 bytes [68, 10, 19, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetDC 00000000755ca17a 4 bytes [68, 92, 18, 09] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000755ca17f 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000755ca1be 4 bytes [68, D1, 18, 09] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000755ca1c3 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000755caff2 6 bytes [68, C1, 5A, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000755cb68f 6 bytes [68, 0E, 5B, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!EndPaint 00000000755cc09e 4 bytes [68, F7, 17, 09] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!EndPaint + 5 00000000755cc0a3 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000755cc0bb 4 bytes [68, 87, 17, 09] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] 
C:\Windows\syswow64\USER32.dll!BeginPaint + 5 00000000755cc0c0 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!CallWindowProcW 00000000755cc487 6 bytes [68, F3, 59, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000755ce429 4 bytes [68, 37, 18, 09] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 00000000755ce42e 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!ReleaseCapture 00000000755cf2a0 6 bytes [68, 33, DD, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!SetCapture 00000000755cf2ad 4 bytes [68, D9, DC, 09] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!SetCapture + 5 00000000755cf2b2 1 byte [C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000755cf623 6 bytes [68, 3C, 5A, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000755d1939 6 bytes [68, 5B, 5B, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000755d3149 6 bytes [68, AD, 5B, 0A, 00, C3] .text 
C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000755d5c31 6 bytes [68, 4A, DE, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000755d5e37 6 bytes [68, 22, DE, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000755d687e 6 bytes [68, D5, 58, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000755d6d81 6 bytes [68, 67, 59, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000755e7299 6 bytes [68, 54, 5F, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!SwitchDesktop 000000007560259e 6 bytes [68, 9F, 57, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075602a58 6 bytes [68, 9C, DC, 09, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007561bd3d 6 bytes [68, 1E, 59, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007561bd61 6 bytes [68, AD, 59, 0A, 00, C3] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] 
C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000756263dd 4 bytes [68, 4F, 57, 0A] .text C:\Users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[2200] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000756263e2 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000779d17d8 5 bytes [CB, D0, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779ea370 6 bytes [68, A0, CF, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077a14572 6 bytes [68, 03, 58, 06, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077a1457d 6 bytes [68, BD, 57, 06, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077a145e0 6 bytes [68, 8F, 58, 06, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077a145eb 6 bytes [68, 49, 58, 06, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000759e1e70 6 bytes [68, 34, D3, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000759e9392 6 bytes [68, F3, D2, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 000000007622ceb9 6 bytes [68, 9A, D3, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076241ee9 6 bytes [68, B1, D3, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000755c8100 6 
bytes [68, 55, DC, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000755c8178 6 bytes [68, 72, DE, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000755c8b19 6 bytes [68, A5, 5D, 06, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000755c9151 6 bytes [68, 50, 19, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000755c91a8 6 bytes [68, E3, 19, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000755c95a8 6 bytes [68, 9D, DE, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!GetCapture 00000000755c9c1e 6 bytes [68, 83, DD, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000755c9c69 6 bytes [68, 23, DC, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000755ca14f 6 bytes [68, 10, 19, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!GetDC 00000000755ca17a 6 bytes [68, 92, 18, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000755ca1be 6 bytes [68, D1, 18, 05, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000755caff2 6 bytes [68, C1, 5A, 06, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000755cb68f 6 bytes [68, 0E, 5B, 06, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3348] C:\Windows\syswow64\USER32.dll!EndPaint 00000000755cc09e 6 bytes [68, F7, 
---- EOF - GMER 2.1 ---- Hello, I think they are in quarantine! |
19.06.2013, 09:12 | #4 |
/// Helper Team | Online banking trojan! Please download AdwCleaner to your desktop.
then: ESET Online Scanner
|
19.06.2013, 09:28 | #5 |
| Online banking trojan! AdwCleaner log file: Code:
########## EOF - C:\AdwCleaner[S1].txt - [28359 octets] ########## I cannot connect to ESET! The error message is: Website cannot be displayed! But I can open other pages. |
19.06.2013, 16:28 | #6 |
/// Helper Team | Online banking trojan! Please disable your security software to avoid possible conflicts.
Then restart the computer and try ESET again. |
19.06.2013, 17:43 | #7 |
| Online banking trojan!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Colonel_Rupert on 19.06.2013 at 18:32:11,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7ABF4DDD-5912-4A65-9784-10CCCDDDC5C8}
~~~ Files
Successfully deleted: [File] "C:\Windows\tasks\driver robot.job"
Successfully deleted: [File] C:\Windows\prefetch\APNSTUB.EXE-967FFF60.pf
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\winamp toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\winamp toolbar"
~~~ FireFox
Emptied folder: C:\Users\Colonel_Rupert\AppData\Roaming\mozilla\firefox\profiles\te1n46k6.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 18:36:51,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I did the restart, but nothing has changed with ESET; still the same problem: no connection, website cannot be displayed! I have everything turned off: AntiVir is in snooze mode and the firewall is off! |
19.06.2013, 19:06 | #8 |
/// Helper Team | Online banking trojan! OK: scan with Combofix
|
19.06.2013, 19:32 | #9 |
| Online banking trojan! Combofix logfile: Code:
ATTFilter ComboFix 13-06-18.02 - Colonel_Rupert 19.06.2013 20:17:27.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2589 [GMT 2:00] ausgeführt von:: c:\users\Colonel_Rupert\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - Windows: deleted 24 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Colonel_Rupert\AppData\Roaming\Dyduw c:\users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe c:\windows\IsUn0407.exe c:\windows\SysWow64\SETC556.tmp E:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-19 bis 2013-06-19 )))))))))))))))))))))))))))))) . . 2013-06-19 18:12 . 2013-06-19 18:12 -------- d-----w- C:\32788R22FWJFW 2013-06-19 16:32 . 2013-06-19 16:32 -------- d-----w- c:\windows\ERUNT 2013-06-19 16:32 . 2013-06-19 16:32 -------- d-----w- C:\JRT 2013-06-19 08:21 . 2013-06-19 08:22 1649 ----a-w- c:\windows\DeleteOnReboot.bat 2013-06-19 07:40 . 2013-06-19 07:40 -------- d-----w- c:\program files (x86)\7-Zip 2013-06-18 19:08 . 2013-06-18 19:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-18 19:08 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-18 13:27 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31602078-AE77-47FC-9971-C580399C560C}\mpengine.dll 2013-06-12 13:43 . 2013-04-24 02:10 1078272 ----a-w- c:\windows\system32\certutil.exe 2013-06-06 04:43 . 2013-06-06 04:43 -------- d-----w- c:\program files\iPod 2013-06-06 04:43 . 2013-06-06 04:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-06 04:43 . 2013-06-06 04:44 -------- d-----w- c:\program files\iTunes 2013-06-06 04:43 . 
2013-06-06 04:44 -------- d-----w- c:\program files (x86)\iTunes 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-05-27 05:27 . 2013-05-27 05:27 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-05-27 05:27 . 2013-05-27 05:27 -------- d-----w- c:\program files (x86)\QuickTime . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-13 04:40 . 2006-11-02 12:35 75825640 ----a-w- c:\windows\system32\mrt.exe 2013-06-12 07:17 . 2012-04-21 19:26 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 07:17 . 2011-05-22 11:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-14 17:29 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 00:06 . 2009-10-03 08:41 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 
2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-15 14:17 . 2013-05-15 07:19 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-13 03:34 . 2013-05-15 07:19 47104 ----a-w- c:\windows\system32\cdd.dll 2013-04-09 01:55 . 2013-05-15 07:19 2774016 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408] "ChromeFrameHelper"="c:\users\Colonel_Rupert\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe" [2013-05-29 82896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files (x86)\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GOEC62~1.DLL "LoadAppInit_DLLs"=1 (0x1) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "hpqSRMon"= "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 07:17] . 2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 06:34] . 2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 06:34] . 2013-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-45948774-3835013767-118895328-1000Core.job - c:\users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 19:12] . 2013-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-45948774-3835013767-118895328-1000UA.job - c:\users\Colonel_Rupert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 19:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6962720] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] . 
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mSearch Page = ${URL_SEARCHPAGE}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Colonel_Rupert\AppData\Roaming\Mozilla\Firefox\Profiles\te1n46k6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Eazel-DE Toolbar: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\program files (x86)\Mozilla Firefox\extensions\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}
FF - Ext: Freemake Video Converter Plugin: fmconverter@gmail.com - c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-Ywneuvxei - c:\users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe
Wow6432Node-HKCU-Run-IExplorer Util - c:\users\Colonel_Rupert\AppData\Roaming\ie_util.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-19 20:31:34
ComboFix-quarantined-files.txt 2013-06-19 18:31
.
Vor Suchlauf: 15 Verzeichnis(se), 169.277.718.528 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 169.732.161.536 Bytes frei
.
- - End Of File - - 5F39860955C429085E1938FA295DFBC6
5C616939100B85E558DA92B899A0FC36 |
20.06.2013, 12:21 | #10 |
/// Helper team | Online banking trojan! Try ESET again. |
20.06.2013, 16:25 | #11 |
| Online banking trojan! Now it worked, here is the report:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=16a6fd705c8c834fb0a2a300e00b938b
# engine=14113
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 03:10:31
# local_time=2013-06-20 05:10:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 92881 237164321 85658 0
# compatibility_mode=5892 16776574 100 100 150041 209264937 0 0
# scanned=362261
# found=3
# cleaned=0
# scan_time=11610
sh=EF34E83A1B877FDD3F590C5B588A8B25A7EFCD0C ft=1 fh=6aea6c5119443fbe vn="a variant of Win32/Kryptik.BBEI trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe.vir"
sh=0422D77AE97B56DEF1247012A38B2C66C9430AC1 ft=0 fh=0000000000000000 vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Users\Colonel_Rupert\AppData\Local\Downloaded Installations\{7711CD4B-AC81-44E1-9224-50A8ABDC6A9D}\MSN Star Check.msi"
sh=E59CF113F05E4D2247225D02DE2EE7C58517C924 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.AU trojan" ac=I fn="C:\Users\Colonel_Rupert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\6cae2102-68513d2d"
I uninstalled ESET as described earlier! Edited by Colonelruper (20.06.2013 at 16:31) |
20.06.2013, 16:38 | #12 |
/// Helper team | Online banking trojan! Good! Fix with OTL
Code:
ATTFilter
:OTL
:Files
C:\Qoobox\Quarantine\C\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe.vir
C:\Users\Colonel_Rupert\AppData\Local\Downloaded Installations\{7711CD4B-AC81-44E1-9224-50A8ABDC6A9D}\MSN Star Check.msi
C:\Users\Colonel_Rupert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\6cae2102-68513d2d
Then: please download SecurityCheck and:
|
20.06.2013, 16:41 | #13 |
| Online banking trojan!
========== OTL ==========
========== FILES ==========
C:\Qoobox\Quarantine\C\Users\Colonel_Rupert\AppData\Roaming\Dyduw\anuku.exe.vir moved successfully.
C:\Users\Colonel_Rupert\AppData\Local\Downloaded Installations\{7711CD4B-AC81-44E1-9224-50A8ABDC6A9D}\MSN Star Check.msi moved successfully.
C:\Users\Colonel_Rupert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\6cae2102-68513d2d moved successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 06202013_174053

Results of screen317's Security Check version 0.99.64
Windows Vista Service Pack 2 x64
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 15 Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (3.6.28) Firefox out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Are we done with the procedure now? What else do I need to do? What can I use for good browser protection, or is the one from Antivir sufficient? Does it make sense to use only one browser, and if so, which one? Sometimes Firefox is slower, sometimes faster, which is why I switch between Firefox and IE from time to time. |
21.06.2013, 15:28 | #14 |
/// Helper team | Online banking trojan! Quote:
Quote:
Quote:
Update Java
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Afterwards, post (copy and paste) what you are shown here: PluginCheck
Disable Java
Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html
Afterwards, post (copy and paste) what you are shown here: PluginCheck |
21.06.2013, 16:43 | #15 |
| Online banking trojan! I looked for the Java Control Panel but cannot find it; in IE I have disabled the Java plug-in! Do I need to reinstall it?
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Internet Explorer 9.0 ist aktuell
Flash (11,7,700,224) ist aktuell.
Java (1,7,0,25) ist aktuell.
Adobe Reader 10,1,0,0 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0
Zurück Tools: StartSeite PluginCheck Secunia Online Scan Weiterführendes: Java Updaten und Einstellen Secunia Personal Software Inspector (PSI) Family: TR/Agent
I tried to update the Reader, but it did not work! I have now rebooted several times and tried again and again to download and install it! Message: The update was installed successfully! But when I run the PluginCheck, it says that the Reader is not up to date!
Hello, I checked again this morning: when I run the PluginCheck and then follow the link to update the Reader, the link leads via Filepony to update 10.1.4; on Adobe's site there is also nothing to be found about version 11.0. That is probably where the problem lies. |