Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: - Rookit und Sirefef -Malwarebytes

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.06.2012, 21:31   #1
Mr.Mkay
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Nabend,
erstmal sorry, dass ich während des EM-Spiels störe. Vorab, ich habe mich über dieses Problem bereits via google schlau gemacht und wurde immer auf eine Seite verwiesen...eben diese hier!

Ich habe vor 3 Tagen von Antivir die Nachrichten bekommen, dass dort ein Virus gefunden wurde, meistens sirefef.ag.35

Die habe ich dann meistens gelöscht / in Q. verschoben. Darauf folgend im Abstand von wenigen Minuten kamen immer wieder diese Meldungen.

Ich habe trotzdem keine Auffälligkeiten oder Leistungseinschränkungen feststellen können. Es klappt alles.
Malwarebytes habe ich aktualisieren lassen und mal den kompletten scan gemacht. Er findet vor allem Rootkit0.Access und Trojan.Sirefef.

WICHTIG: Ich betreibe kein Onlinebanking o.Ä.. Bin noch Student. Ich habe gelesen, dass es hier um eine Backddor geht, d.h. es wird die Tür für alle möglichen Trojaner und Würmer aufgemacht. Ist es denn jetzt gefärlich, wenn ich nur zu meiner sicheren Lernseiten in firefox gehe und facebook, also auf keine gefährlichen Seiten, wo es Würmer gibt?
2. Frage: ich habe gelesen, dass sogar der Rootkit Passwörter aufsaugt und speichert, passiert das auch wenn ich mich bei hotmail oder facebook anmelde und ist dies schlimm?

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
... :: MEINPC [Administrator]

Schutz: Aktiviert

18.06.2012 18:00:59
mbam-log-2012-06-18 (19-56-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 439418
Laufzeit: 1 Stunde(n), 55 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
Vielen Dank schonmal


Alt 20.06.2012, 15:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 22.06.2012, 03:13   #3
Mr.Mkay
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Hat alles geklappt,

Hier Malwarelog:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.21.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Marcel Klahn :: MEINPC [Administrator]

Schutz: Aktiviert

21.06.2012 14:10:12
mbam-log-2012-06-21 (16-26-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 439848
Laufzeit: 2 Stunde(n), 15 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
c:\windows\installer\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.

(Ende)
         
und hier der ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8949f9efc4118d43b672d2a957c6d0e0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-22 01:01:39
# local_time=2012-06-22 03:01:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 21041 115828864 22387 0
# compatibility_mode=5892 16776574 66 95 103442810 177846285 0 0
# compatibility_mode=8192 67108863 100 0 273 273 0 0
# scanned=244590
# found=19
# cleaned=0
# scan_time=13342
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88	Java/Exploit.CVE-2011-3544.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe	a variant of Win32/Adware.CiDHelp application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         
PS: ich glaube diese linkury bar ist ein programm welches ich mal runtergeladen habe
LG
__________________

Alt 22.06.2012, 11:20   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!


Code:
ATTFilter
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe
         
Warum lädst du Malwarebytes von diesem Schei* Portal!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.06.2012, 13:46   #5
Mr.Mkay
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



So lieber Cosinus, ich war eben 2 Sekunden davon entfernt meinen Laptop mit einem Hammer zu zertrümmern, jetzt habe ich mich ein wenig beruhigt und kann wieder denken.

Mein Laptop ist sehr alt (2,5 Jahre) -> kein Akku mehr, eben beim Hochfahren Aufladekabel ausversehen rausgerutscht und Laptop ging fast nicht mehr bzw hat ne Systemwiederherstellung gemacht, dann ging Mozilla nicht mehr, sodass ich den neu installieren musste, und mein persönliches Sahnehäubchen ist, dass die scheiß Malwarebyteskacke nicht mehr lädt, da kommt "Run time error 5 - invalid procedure call or blabla", ich installiere das jetzt alles neu und mache noch mal

MALWAREBYTES VOLLSCAN und ESET und poste dann die logs okay?


Alt 22.06.2012, 14:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Zitat:
Mein Laptop ist sehr alt (2,5 Jahre)
Find ich nicht sehr alt. Das Notebook von meinem Vaddi ist 5 Jahre alt und läuft tadellos. Ist zwar nicht das schnellste, aber Win7 läuft rel. flott und flüssig
__________________
--> - Rookit und Sirefef -Malwarebytes

Alt 23.06.2012, 13:54   #7
Mr.Mkay
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



So mein Lieber,

Malwarebyteslog ( Habe alle Vögel entfernt, so dass sie in Quarantäne sind ).

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.22.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Marcel Klahn :: MEINPC [Administrator]

Schutz: Aktiviert

22.06.2012 14:16:05
mbam-log-2012-06-22 (23-54-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440498
Laufzeit: 1 Stunde(n), 45 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Marcel Klahn\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)
         
Und ESETlog:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8949f9efc4118d43b672d2a957c6d0e0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-22 01:01:39
# local_time=2012-06-22 03:01:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 21041 115828864 22387 0
# compatibility_mode=5892 16776574 66 95 103442810 177846285 0 0
# compatibility_mode=8192 67108863 100 0 273 273 0 0
# scanned=244590
# found=19
# cleaned=0
# scan_time=13342
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88	Java/Exploit.CVE-2011-3544.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe	a variant of Win32/Adware.CiDHelp application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=87fd32826fbcd9498c8d58c38a192daa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-23 11:44:39
# local_time=2012-06-23 01:44:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 71178 115954075 61598 0
# compatibility_mode=5892 16776574 100 95 103568021 177971496 0 0
# compatibility_mode=8192 67108863 100 0 125484 125484 0 0
# scanned=245852
# found=14
# cleaned=0
# scan_time=13112
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88	Java/Exploit.CVE-2011-3544.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe	a variant of Win32/Adware.CiDHelp application (unable to clean)	00000000000000000000000000000000	I
         

Alt 24.06.2012, 17:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2012, 17:24   #9
Mr.Mkay
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



1.)
Der normale Modus von Windos geht uneingeschränkt und flüssig.

2.)
Es ist alles vorhanden und unverändert.

Alt 24.06.2012, 18:03   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2012, 19:00   #11
Mr.Mkay
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



OTLlog:

Code:
ATTFilter
OTL Extras logfile created on: 24.06.2012 18:09:01 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,18% Memory free
6,21 Gb Paging File | 4,84 Gb Available in Paging File | 77,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 108,53 Gb Free Space | 23,80% Space Free | Partition Type: NTFS
 
Computer Name: MEINPC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07AEA761-D591-4AFB-ABBC-06048176C386}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0D643B3F-A693-427B-A67C-48CB742D568B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1F662737-C9B6-4A7A-B765-C6722681FD55}" = rport=139 | protocol=6 | dir=out | app=system | 
"{39CF63C7-7F3B-4070-A63B-535F87E1BE65}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4392B3A6-54A2-43E0-B46D-04692180B2C3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{55B050DB-47B2-4EDF-BB45-308871FAA202}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{604059AB-A7F2-4F32-BA9F-A8C0C49A8F8A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6F853BC8-B66E-425C-84D4-3A92BA34A1B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7F7C7A29-4430-4FF0-9A4C-D74D2D0297F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{81C97AF4-C90B-43EA-8D3B-8FFE076E9138}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9358AFA7-4567-4B19-9684-52ACBB9B4057}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9AC552F0-6A73-4356-A85B-795E4C1B79DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9ACCB99B-E069-4DA4-B11C-24F22A1BA7F9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9AD4124E-3C8C-4D2D-AB2C-40999D5796F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B5F24EFF-8C7A-4711-9A98-F832016A7324}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BAA5FB4E-347F-432F-B8AB-6E8F78F7FB4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BE8E2EC8-AC5A-4B24-A9C1-77B54B62E2C6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C32876C3-F072-4828-80D7-BE2555F4E87D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DE723057-3ACC-4BC7-AB4A-4667B9B65C72}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DFD1D758-50C3-4D6D-BE81-105F706A96F9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FFE9358B-64A8-4775-8263-6D9FC68FB75E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0034B4CA-A5B7-4A9B-9E5B-023388B08418}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{011A73C5-B957-42DA-9A3A-6D71ADA44F20}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{01248A5C-1CC9-47E7-A5DA-482787CFD1CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{061BB3F6-4868-41E0-B7A4-490DE0645337}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0F718127-523C-488F-9CC4-DAD47B3B0A25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{15BBEE9F-12AE-410C-817E-979CADE497C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{18199688-6DBC-4332-BBB3-498810E5A503}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1841BCD1-1775-4719-9843-188376CB1E55}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{1E55D932-337E-4B63-ABBA-26C86E209F95}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{1E897F8E-3298-47F0-97C7-19ADC5D0B640}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{22048019-8675-4445-B55D-9FDF63EBFC98}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero\hl.exe | 
"{224736FA-9B8C-426A-9CA1-9455E0595E25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{2350BA0C-4720-4D8A-8F36-FA863064E50F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{2364CF3D-3F74-433F-844D-9DBE24765FAC}" = protocol=17 | dir=in | app=c:\program files\sega\vancouver 2010\vancouver.exe | 
"{23AF9CBB-0F29-42A0-86CD-48CED64A316A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{2A31AB8C-32D3-46EE-BEDB-117C7ECD290A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{32A0C091-32D8-437C-A2AB-0ECBEDD740D1}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{40EDF76A-3D1E-4710-B472-67000AF7F63B}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{4223ED3C-87E6-42D2-B3EB-F0F2BC71F3B0}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{452CDF18-82B2-4844-8513-178CA8FE3360}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{49DC0E02-1B15-467D-8198-8466B564116C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{49F62A47-B755-424E-9267-4F406DD40A53}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{4BD3F5CB-CA22-4A88-8B7A-21CF7062CC13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4CA5F6F1-D5DE-494B-9D26-61EA0F213A7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4DD826E1-F48E-400E-A3A2-146AEECCD809}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{4E71E235-6DD8-41A9-9C31-481B80A22FBB}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike\hl.exe | 
"{4EDC18B9-3E32-44C8-9A7B-B268742A9586}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{56443007-DF0A-40AB-8202-A5EB39463465}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{5C23E97A-5833-4633-B4FE-241FA477B2F7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5E8A179A-401E-4BE6-BC52-7B3A5304B668}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{601CC48E-3C4D-4AB8-8EC1-E8A7521B630F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{60BCEC71-D567-4DE7-A45C-0A1BA3437B82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{64C0DAE4-7F7E-4D6E-AE20-0EB3F8C595D8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6663F193-62A0-403B-A82A-86F416581C0E}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{682B7FA9-0908-477F-8107-05881AF9487E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{6D86947B-3BDE-4BA7-B745-05BCAA63EC5E}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe | 
"{6E12FEE1-50ED-49D2-A8FD-001E93AF8C79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{6F97E643-0381-4EC4-B015-59AE9A4D1B1E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{7456D133-7724-4DE5-990F-1995F2ABB6E5}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{7911B65F-F8D4-49AC-9559-FC298D813B4D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{7DC8C5F2-DA97-490A-846E-E45818C73E03}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{7F12975D-5324-4466-9703-2D5D5F9F8047}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\day of defeat\hl.exe | 
"{819240D5-7A55-4E61-B1BD-A3DB91533BB6}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{82B1698F-2559-4E40-88FF-7694D783A31C}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe | 
"{847A9F9D-53B5-482C-BEBD-9BD6CFD7AC1D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike source\hl2.exe | 
"{8B964631-6A47-49F4-928A-EEB5ED22FDA1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{959129AB-1A37-4600-B6DA-B01833A5D626}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike\hl.exe | 
"{994497A6-8650-405D-BAD1-2029198B0DD5}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\day of defeat\hl.exe | 
"{9AAA64FD-4199-4DFF-95D2-92A5CF1CE16A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{9ADB8DFB-C3BC-4AF8-8E5D-ABC56E454E15}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{9F5042B0-D76F-4288-B6F2-B8F4E203CCEA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9F59692A-0A15-4448-9DCB-8D28780ADD1A}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{A0969DB5-7D8B-42E3-AFB3-E730E2B86CB5}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{A0D12D26-A4F3-4363-A7C7-E2377A7C6843}" = dir=in | app=c:\users\marcel klahn\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{A445A008-32C2-400C-8863-411BAA8A4F5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{A9766ECF-7510-4353-B3FE-914C6231FE3E}" = protocol=6 | dir=in | app=d:\alicesetup.exe | 
"{A97AEF74-69F7-4D98-B0E9-AB2E5280C90B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{AC2DA7B4-4134-458A-BFD5-D3C3A8F27D69}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B14147BB-5B4D-4D28-A102-7F0E75FC427A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B182805B-2EEF-4832-B2FE-A69E14F5E31E}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike source\hl2.exe | 
"{BC435D40-F6E2-4B35-8CF3-4DBADE74E54A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BE169CC6-F67D-43CF-8D6D-DAC5BD3990E2}" = protocol=17 | dir=in | app=d:\alicesetup.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C20E7EA3-389D-4629-A28D-4B63E88E05EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C210FDBE-3DE2-4FC9-B464-AFF7F763F7E5}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{C826C2E0-613E-4A3B-8A97-D549C7267ADF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CC216FFB-1C51-4745-B465-2E29E6662F90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{CCF94C05-7D03-406F-B8C6-5142559C33FC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CEFAB09C-3281-4293-B731-236907552C5F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{D21D5511-CA82-46B1-9303-8CFB4BA9E85F}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{D9917DA7-E508-4DCC-BC2B-D24D9883775C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{DEE67258-0384-4F34-9F9C-E32EDEE15A4A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero\hl.exe | 
"{DF2C31C5-1E98-484B-8793-67AA68A937E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{E88CD5C9-604D-4288-8371-A6F18D6B9E31}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{E976FDEE-5A74-42F5-B304-A8B2F23051A5}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{EE569652-E0F3-4E8D-82DC-4BD8963AEA8D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F846C41E-8D05-44EC-8530-339BF955C63B}" = protocol=6 | dir=in | app=c:\program files\sega\vancouver 2010\vancouver.exe | 
"{F8E14428-4B46-4EB2-92BB-AEB6BD6CB99F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F900BB65-0B84-4A56-8A5B-B2CF41AF8E03}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FCDFEFD3-6581-4179-8AB1-6003237BB360}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{FF6D65DD-3CD2-4630-B4BF-E0CED9D72BB8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{FFBC7F42-7321-4B8B-AFF1-C37EA4C95694}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{0469FBDB-B53F-4C52-9D56-C5B96E022AEE}C:\program files\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe | 
"TCP Query User{2C321FA3-3086-47DA-B61C-D566CDAFCC07}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe | 
"TCP Query User{6A8B49C0-9365-4931-8BC9-168FE521F4F0}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"TCP Query User{7F8B6A9E-CC53-408A-875B-B5F0D55ABFC0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{80AA73F2-692D-45A7-9B2E-FF1E5336A7A6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8B63153C-DDD6-4944-A29B-4B2EECCB341A}C:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe | 
"TCP Query User{9601E0F4-B2BB-4DCA-A852-AFD642B1424E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{A4A0133B-8D58-4A4B-98D0-0916DBA5800B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{C972AA6C-D050-438F-B370-8D6339836659}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{DFA68155-7830-4AAD-BD78-85A69289DEAC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{E9085907-EA7A-4732-827F-41A487D129E8}C:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 
"UDP Query User{20EEDED2-3DB9-4516-A798-88C6128FA5B6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{39D9187B-9ECC-4C15-98B7-BBBF3068E252}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe | 
"UDP Query User{6736E1EB-975B-4955-B86B-C8A9D70BDC5D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{6F7DAE3B-4425-43F5-A2CE-D29962C53E83}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8AC42B42-5F81-4684-8781-D51E743F8B40}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{916070E9-4976-4F99-AC75-229E084A406A}C:\program files\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe | 
"UDP Query User{A851158D-8BB8-4D33-8B4B-13AA47159303}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"UDP Query User{AE1AD9E7-0285-4D50-A2D5-A9C6799E9C2C}C:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 
"UDP Query User{B0CF7F79-99C6-4F94-8E41-61F3B20648ED}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{BF347138-0056-406D-93E4-340991A675CF}C:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe | 
"UDP Query User{E73C0106-7AA6-437A-ACBF-A76C8CCFBD95}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek
"{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish
"{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish
"{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish
"{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean
"{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{6291FC10-FDF0-4022-A1A5-710C728D49C2}" = Vancouver 2010
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French
"{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{782DADC3-C885-4572-8F6A-675304CA8782}" = ccc-utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B772F48-58A8-48C1-8F93-0AA960767FCA}" = Linkury Smartbar
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BCA07A1-B626-0AFE-9D04-66C5E75AB15A}" = AMD Catalyst Install Manager
"{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1CE4680-F9EA-400D-BE71-70995522BD82}_is1" = Voodoo Skript 1.6.9
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty" = Call of Duty
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.30
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11
"LManager" = Launch Manager
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.19.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars" = PokerStars
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Shop for HP Supplies" = Shop for HP Supplies
"SopCast" = SopCast 3.2.4
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 30" = Day of Defeat
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 550" = Left 4 Dead 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2011 13:58:56 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 06:34:57 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 12:53:13 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 15:20:23 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 12:54:56 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2011 16:25:23 | Computer Name = MeinPC | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.2.2.14 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 470  Anfangszeit: 01cc5c43f2380427  Zeitpunkt der Beendigung:
 80
 
Error - 19.08.2011 06:40:18 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.08.2011 17:18:34 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.08.2011 12:49:17 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.08.2011 13:15:22 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 24.12.2011 06:18:25 | Computer Name = MeinPC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.5 für die Netzwerkkarte mit der Netzwerkadresse
 00265E49CE16 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 24.12.2011 23:32:33 | Computer Name = MeinPC | Source = HTTP | ID = 15016
Description = 
 
Error - 24.12.2011 23:34:09 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.12.2011 06:28:06 | Computer Name = MeinPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.12.2011 um 04:49:25 unerwartet heruntergefahren.
 
Error - 25.12.2011 06:28:09 | Computer Name = MeinPC | Source = HTTP | ID = 15016
Description = 
 
Error - 25.12.2011 06:28:13 | Computer Name = MeinPC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.5 für die Netzwerkkarte mit der Netzwerkadresse
 00265E49CE16 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.12.2011 06:29:46 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.12.2011 12:17:15 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 26.12.2011 07:24:45 | Computer Name = MeinPC | Source = bowser | ID = 8003
Description = 
 
Error - 26.12.2011 08:36:22 | Computer Name = MeinPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.12.2011 um 12:53:13 unerwartet heruntergefahren.
 
 
< End of report >
         

Alt 24.06.2012, 19:17   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Das ist nur das Extras-Log ich brauche aber primär die OTL.txt
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2012, 19:22   #13
Mr.Mkay
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Entschuldige! Wer lesen kann, ist klar im Vorteil!
Zitat:
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
Sorry, hier OTL.txt

Code:
ATTFilter
OTL logfile created on: 24.06.2012 18:09:01 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Marcel Klahn\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,18% Memory free
6,21 Gb Paging File | 4,84 Gb Available in Paging File | 77,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 108,53 Gb Free Space | 23,80% Space Free | Partition Type: NTFS
 
Computer Name: MEINPC | User Name: Marcel Klahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.24 18:06:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.02.15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.09.04 20:46:32 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\MARCEL~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.07.26 05:46:25 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.25 21:09:24 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.25 03:47:04 | 001,069,576 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.15 04:11:36 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.02.14 23:13:24 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.09 10:55:02 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.27 21:16:20 | 000,239,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\93e9637d1e5c69baa89c5a47dc44153f\WindowsFormsIntegration.ni.dll
MOD - [2011.01.27 20:51:37 | 011,791,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2011.01.27 08:33:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
MOD - [2010.07.23 00:41:29 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010.05.04 22:45:15 | 002,294,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
MOD - [2010.05.04 22:45:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad65537fa3d6b3c9c01a98586acfa28\PresentationFramework.Aero.ni.dll
MOD - [2010.05.04 22:45:09 | 014,320,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2606f840d6783c9c2307965650735ada\PresentationFramework.ni.dll
MOD - [2010.05.04 22:44:49 | 012,428,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2010.05.04 22:44:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2010.05.04 22:44:34 | 005,449,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2010.05.04 22:44:29 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2010.05.04 22:44:25 | 012,213,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9895974a8ff48335614f44603ff16a9d\PresentationCore.ni.dll
MOD - [2010.05.04 22:44:11 | 003,311,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\400510870f710fd409ee7fc71b4a69aa\WindowsBase.ni.dll
MOD - [2010.05.04 22:44:07 | 007,867,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010.05.04 22:43:39 | 011,485,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.25 21:09:24 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.03.12 12:46:55 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.12 12:46:54 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.12 12:46:49 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.12 12:46:37 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.21 22:21:17 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.02.15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.02.15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.12.05 21:46:56 | 000,083,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.11.17 21:14:36 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009.12.09 15:51:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.12.30 00:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.12.26 13:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.11.12 04:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=28A6E7D8-4CE1-44DA-8732-4624D117B7AD&apn_sauid=FD0D6661-8E96-4704-8BB3-384684DCF121
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=w7cD6BnnfuVHOjUz6-hH5q7wNTA?q={searchTerms}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www-proxy.google.de:3128;http=www-proxy.google.de:3128
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marcel Klahn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.18 19:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 13:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.22 22:43:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.18 19:11:50 | 000,000,000 | ---D | M]
 
[2012.06.22 13:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel Klahn\AppData\Roaming\mozilla\Extensions
[2012.06.23 13:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel Klahn\AppData\Roaming\mozilla\Firefox\Profiles\balegvbu.default\extensions
[2012.06.22 13:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.18 22:09:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.20 13:35:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Marcel Klahn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Shockwave Flash = C:\Users\Marcel Klahn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Facebook Update] C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe startup File not found
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BF6FFA2-68FE-46EF-86A5-EACA2BD2376E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell - "" = AutoRun
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell - "" = AutoRun
O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.24 18:06:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe
[2012.06.22 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel Klahn\AppData\Roaming\Malwarebytes
[2012.06.22 13:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.22 13:40:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel Klahn\AppData\Roaming\Mozilla
[2012.06.21 23:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.06 13:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2012.06.06 13:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.24 18:08:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.24 18:06:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe
[2012.06.24 17:34:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 17:34:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 17:17:02 | 000,013,472 | ---- | M] () -- C:\Users\Marcel Klahn\Desktop\104598.jpg
[2012.06.24 16:19:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job
[2012.06.24 13:08:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.24 12:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.23 16:59:52 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.23 16:59:51 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.23 16:59:51 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.23 16:59:51 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.23 16:53:47 | 3215,810,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 14:06:59 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.22 13:42:17 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.22 13:24:41 | 000,000,104 | ---- | M] () -- C:\Users\Marcel Klahn\Desktop\Internet - Verknüpfung.lnk
[2012.06.22 13:22:20 | 000,007,836 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2012.06.24 17:17:01 | 000,013,472 | ---- | C] () -- C:\Users\Marcel Klahn\Desktop\104598.jpg
[2012.06.22 14:06:59 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.22 13:42:17 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.22 13:42:17 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.22 13:24:41 | 000,000,104 | ---- | C] () -- C:\Users\Marcel Klahn\Desktop\Internet - Verknüpfung.lnk
[2012.03.21 13:20:14 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI
[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.22 02:29:15 | 000,022,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\3A92.424
[2010.11.18 18:55:02 | 000,181,716 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010.11.14 23:47:53 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.09.29 03:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.03.19 00:33:59 | 000,000,716 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\wklnhst.dat
[2009.12.06 23:54:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.19 23:18:13 | 000,001,478 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\RecConfig.xml
[2009.10.06 21:08:17 | 000,040,448 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.07 07:35:17 | 000,007,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\d3d9caps.dat
[2008.01.21 04:25:01 | 000,002,048 | -HS- | C] () -- C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\@
 
========== LOP Check ==========
 
[2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.#
[2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Acer GameZone Console
[2010.06.19 17:58:00 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\avidemux
[2010.01.04 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Avnex
[2011.11.17 21:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DAEMON Tools Lite
[2011.04.25 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.09.04 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\eSobi
[2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy
[2012.06.06 14:03:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ICQ
[2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu
[2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin
[2011.11.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy
[2009.12.08 15:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PlayFirst
[2012.04.05 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PowerCinema
[2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk
[2010.06.21 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar
[2010.01.04 16:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Screaming Bee
[2012.04.05 22:34:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SoftDMA
[2011.03.24 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TeamViewer
[2010.03.19 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Template
[2012.06.22 22:43:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TS3Client
[2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy
[2012.03.21 23:19:03 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job
[2012.06.24 16:19:01 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job
[2012.06.23 14:05:14 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.#
[2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Acer GameZone Console
[2009.09.22 14:58:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Adobe
[2009.11.04 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Apple Computer
[2009.09.04 20:46:35 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ATI
[2010.06.19 17:58:00 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\avidemux
[2010.01.04 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Avnex
[2012.04.05 22:34:44 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\CyberLink
[2011.11.17 21:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DAEMON Tools Lite
[2009.10.06 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DivX
[2011.04.25 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.09.04 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\eSobi
[2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy
[2009.09.04 13:53:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Google
[2010.11.18 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\HP
[2012.06.06 14:03:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ICQ
[2009.09.04 20:45:24 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Identities
[2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu
[2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin
[2009.09.04 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Macromedia
[2012.06.22 14:11:06 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Media Center Programs
[2011.11.17 20:55:01 | 000,000,000 | --SD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft
[2012.06.22 13:42:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Mozilla
[2011.11.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy
[2009.12.08 15:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PlayFirst
[2012.04.05 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PowerCinema
[2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk
[2010.06.21 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar
[2010.01.04 16:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Screaming Bee
[2010.05.04 14:39:57 | 000,000,000 | RH-D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SecuROM
[2010.10.02 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Skype
[2010.10.02 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\skypePM
[2012.04.05 22:34:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SoftDMA
[2012.03.20 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\teamspeak2
[2011.03.24 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TeamViewer
[2010.03.19 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Template
[2012.06.22 22:43:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TS3Client
[2010.01.14 00:23:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\U3
[2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy
[2009.09.06 22:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.11.09 20:44:46 | 000,752,688 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\kikin\kikin_updater_2.4.15.exe
[2010.12.26 13:17:13 | 000,228,657 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
[2011.07.28 21:23:27 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Marcel Klahn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_6FEFF9B68218417F98F549.exe
[2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_BEBCCB425837855F193AE7.exe
[2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_F45B3AB76C8CE6133754A5.exe
[2011.11.17 21:17:02 | 005,750,064 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller_p1v6.exe
[2010.06.20 13:35:13 | 000,704,248 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar\unins000.exe
[2010.03.03 15:00:50 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar\Update.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\Launchpad Removal.exe
[2008.05.04 17:02:26 | 004,603,904 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\LaunchPad.exe
[2007.10.23 10:44:48 | 000,054,584 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\U3AccessGrant.exe
[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Marcel Klahn\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.02.15 05:13:56 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F

< End of report >
         

Alt 25.06.2012, 11:35   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=28A6E7D8-4CE1-44DA-8732-4624D117B7AD&apn_sauid=FD0D6661-8E96-4704-8BB3-384684DCF121
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=w7cD6BnnfuVHOjUz6-hH5q7wNTA?q={searchTerms}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www-proxy.google.de:3128;http=www-proxy.google.de:3128
[2010.01.18 22:09:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.20 13:35:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe startup File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell - "" = AutoRun
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell - "" = AutoRun
O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.03.22 02:29:15 | 000,022,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\3A92.424
[2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.#
[2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin
[2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu
[2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy
[2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy
[2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
:Files
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.06.2012, 16:32   #15
Mr.Mkay
 
- Rookit und Sirefef -Malwarebytes - Standard

- Rookit und Sirefef -Malwarebytes



Hat geklappt, PC hat sich neugestartet
OGL-Fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.
C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ deleted successfully.
C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found.
File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
C:\Program Files\kikin\ie_kikin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found.
File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{542E4D79-1970-4E95-9862-FDB96F61B280} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542E4D79-1970-4E95-9862-FDB96F61B280}\ not found.
File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found.
Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}\ not found.
File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found.
Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Linkury Chrome Smartbar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found.
File C:\Program Files\kikin\ie_kikin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Marcel Klahn\AppData\Roaming\3A92.424 moved successfully.
C:\Users\Marcel Klahn\AppData\Roaming\.# folder moved successfully.
C:\Users\Marcel Klahn\AppData\Roaming\kikin folder moved successfully.
C:\Users\Marcel Klahn\AppData\Roaming\Itixzu folder moved successfully.
C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy folder moved successfully.
C:\Users\Marcel Klahn\AppData\Roaming\Fuamy folder moved successfully.
C:\Users\Marcel Klahn\AppData\Roaming\Qiupk folder moved successfully.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\ProgramData\Temp:DCAF903C deleted successfully.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
ADS C:\ProgramData\Temp:3064D21D deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:BB24555F deleted successfully.
========== FILES ==========
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-37166f99-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-5aa34940-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-339a3541-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-43f11994-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-11ccc2f1-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-7b0aebee-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\14e5d595-24e5ba32-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-639b839c-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 75 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marcel Klahn
->Temp folder emptied: 2958623579 bytes
->Temporary Internet Files folder emptied: 166080469 bytes
->FireFox cache emptied: 2306488915 bytes
->Google Chrome cache emptied: 6364879 bytes
->Flash cache emptied: 3834252 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1140553856 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6.277,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Marcel Klahn
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 06252012_161719

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Antwort

Themen zu - Rookit und Sirefef -Malwarebytes
80000000.@, 800000cb.@, administrator, anti-malware, antivir, appdata, autostart, code, dateien, dateisystem, ebanking, explorer, firefox, folge, frage, gelöscht, google, heuristiks/extra, heuristiks/shuriken, hotmail, mail, problem, rootkit, scan, seite, seiten, software, trojaner, virus, vista, wichtig



Ähnliche Themen: - Rookit und Sirefef -Malwarebytes


  1. Trojaner TR/Sirefef.BC.57, TR/Sirefef.AG.9, TR/ATRAPS.Gen2, TR/Necurs.A.71 und SpyHunter 4 auf Rechner
    Log-Analyse und Auswertung - 07.05.2013 (7)
  2. Trojaner Sirefef.AG.9 u. Sirefef.AL.50 in C:\$Recycle.Bin\, Vista-Sicherheitscenter u. Firewall nach anschl. VistaUpdate nicht mehr startbar
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (41)
  3. Sirefef-A und Sirefef.mc Virenfund - eigenständiges Öffnen von Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (9)
  4. Trojaner eingefangen - Sirefef-A/Sirefef-AHF/BitCoinMiner-U/Malware-gen
    Log-Analyse und Auswertung - 31.08.2012 (27)
  5. Win64/Sirefef.w - Sirefef.ab und Sirefef.M eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (29)
  6. Virus/Trojaner: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; Auto-Neustart nach 1 Minute
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (18)
  7. win 32:Sirefef-AO und Malware.gen, win64:Sirefef-A gefunden von avast!
    Log-Analyse und Auswertung - 11.08.2012 (1)
  8. sirefef.ah und sirefef.r auf Win7 (32bit) gefunden. Rechner fährt automatisch runter.
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (37)
  9. Trojana:Win32/Sirefef.R und Sirefef.AH kann nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (13)
  10. Trojaner: Sirefef.X / Sirefef.E / Conedex.A und Exploit: JS/Blacole.FF
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (37)
  11. Trojan:Win64/Sirefef.K + .../Sirefef.D + .../Sirefef.E
    Log-Analyse und Auswertung - 13.01.2012 (15)
  12. Trojan:Win64/Sirefef.K, Sirefef.E und Sirefef.D kommen immer wieder
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (1)
  13. Trojan:Win64/Sirefef.K & Sirefef.D & Sirefef.E
    Log-Analyse und Auswertung - 02.01.2012 (6)
  14. TR/Rootkit.Gen .... rookit.agent ..... security tool ..... C:\System Volume Informat
    Plagegeister aller Art und deren Bekämpfung - 12.03.2010 (3)
  15. Google zeigt mir unbekannte seiten! rookit oder malware vermutet bitte um hilfe ;)
    Log-Analyse und Auswertung - 25.02.2010 (2)
  16. TR/Rookit.Gen? noch drauf?
    Plagegeister aller Art und deren Bekämpfung - 14.12.2009 (4)
  17. [help]TR/rookit - neustinstallation ? hijack-log. inside
    Plagegeister aller Art und deren Bekämpfung - 21.09.2005 (6)

Zum Thema - Rookit und Sirefef -Malwarebytes - Nabend , erstmal sorry, dass ich während des EM-Spiels störe. Vorab, ich habe mich über dieses Problem bereits via google schlau gemacht und wurde immer auf eine Seite verwiesen...eben diese - - Rookit und Sirefef -Malwarebytes...
Archiv
Du betrachtest: - Rookit und Sirefef -Malwarebytes auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.