- Rookit und Sirefef -Malwarebytes

cosinus · 25.06.2012, 10:35

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=28A6E7D8-4CE1-44DA-8732-4624D117B7AD&apn_sauid=FD0D6661-8E96-4704-8BB3-384684DCF121
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=w7cD6BnnfuVHOjUz6-hH5q7wNTA?q={searchTerms}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www-proxy.google.de:3128;http=www-proxy.google.de:3128
[2010.01.18 22:09:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.20 13:35:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe startup File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell - "" = AutoRun
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell - "" = AutoRun
O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.03.22 02:29:15 | 000,022,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\3A92.424
[2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.#
[2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin
[2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu
[2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy
[2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy
[2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
:Files
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

- Rookit und Sirefef -Malwarebytes

Plagegeister aller Art und deren Bekämpfung: - Rookit und Sirefef -Malwarebytes

- Rookit und Sirefef -Malwarebytes

Ähnliche Themen: - Rookit und Sirefef -Malwarebytes