Rootkit and Sirefef - Malwarebytes

18.06.2012, 20:31 | #1

Good evening, first of all sorry for disturbing during the Euro match. To start with: I've already researched this problem via Google and was always referred to one site... this one! Three days ago I started getting messages from Antivir that a virus had been found, mostly sirefef.ag.35. I mostly deleted those / moved them to quarantine. After that, these messages kept coming back at intervals of a few minutes. Nevertheless I haven't been able to notice any abnormalities or performance problems. Everything works. I updated Malwarebytes and ran the full scan. It mainly finds Rootkit.0Access and Trojan.Sirefef.

IMPORTANT: I don't do online banking or the like. I'm still a student. I've read that this is a backdoor, i.e. the door is opened for all kinds of trojans and worms. Is it dangerous now if I only go to my safe study sites in Firefox and to Facebook, i.e. to no dangerous sites where there are worms? 2nd question: I've read that the rootkit even sucks up and stores passwords; does that also happen when I log in to Hotmail or Facebook, and is that bad?

Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
... :: MEINPC [Administrator]

Protection: Enabled

18.06.2012 18:00:59
mbam-log-2012-06-18 (19-56-40).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439418
Time elapsed: 1 hour(s), 55 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n. -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> No action taken.
C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)
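The scan log above shows the layout that Malwarebytes labels Trojan.Zaccess and Rootkit.0Access (ZeroAccess/Sirefef): a per-user CLSID whose InprocServer32 value points into a GUID-named folder under AppData\Local, the dropper `n` in that folder, and payload files named `<8 hex digits>.@` in its `U` subfolder. The Python script below is an added example for this thread, not code from the forum or from Malwarebytes: it parses the detection lines of a Malwarebytes 1.x log, counts findings per family, separates PUP entries from malware, and flags exactly that pattern. The log embedded in it is constructed to mirror the findings above, with a placeholder user name in the paths.

```python
"""Parse Malwarebytes 1.x detection lines and flag the ZeroAccess/Sirefef layout.

Added example for this thread; not code from the forum or from Malwarebytes.
The embedded log is constructed to mirror the thread's findings, with a
placeholder user name in the paths.
"""
import re
from collections import Counter

# Constructed sample (not a real capture): the detection sections of an
# MBAM 1.x log. Header and summary lines are deliberately left out.
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\user\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n. -> No action taken.

Files Detected: 5
C:\Users\user\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> No action taken.
C:\Users\user\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\Users\user\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\Users\user\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\800000cb.@ (Rootkit.0Access) -> No action taken.
C:\Users\user\Downloads\SoftonicDownloader_fuer_teamspeak.exe (PUP.OfferBundler.ST) -> No action taken.
(end)
"""

# One detection line: <object> (<family>) -> [Data: <value> -> ]<action>.
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# Per-user COM server override: HKCU\...\CLSID\{guid}\InprocServer32
# (MBAM appends "|" when it reports the key's default value).
COM_HIJACK_RE = re.compile(
    r"^HKCU\\SOFTWARE\\CLASSES\\CLSID\\" + GUID + r"\\INPROCSERVER32\|?$", re.I
)
# Dropper "n" or a "U\<8 hex>.@" payload inside a GUID-named AppData\Local folder.
# The trailing "\.?" tolerates the dot MBAM prints after a registry data value.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\" + GUID + r"\\(?:n|U\\[0-9a-f]{8}\.@)\.?$", re.I
)


def parse_detections(log_text):
    """Return one dict (obj, family, data, action) per detection line."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def family_counts(detections):
    """Findings per MBAM family name, e.g. Trojan.Zaccess -> 2."""
    return Counter(d["family"] for d in detections)


def is_pup(family):
    """MBAM's PUP./PUM. prefixes mark unwanted programs/modifications, not malware."""
    return family.startswith(("PUP.", "PUM."))


def zeroaccess_indicators(detections):
    """Return (kind, object) pairs that match the ZeroAccess/Sirefef layout."""
    hits = []
    for d in detections:
        obj, data = d["obj"], d["data"]
        if COM_HIJACK_RE.match(obj):
            kind = "HKCU CLSID InprocServer32 override"
            if data and GUID_DIR_RE.search(data):
                kind += " -> loads dropper from GUID folder"
            hits.append((kind, obj))
        elif GUID_DIR_RE.search(obj):
            kind = ("ZeroAccess payload (.@ file in U folder)"
                    if obj.lower().endswith(".@") else "ZeroAccess dropper (n)")
            hits.append((kind, obj))
    return hits


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for fam, n in family_counts(dets).most_common():
        print(f"{n:2d}  {fam}{'  [PUP]' if is_pup(fam) else ''}")
    for kind, obj in zeroaccess_indicators(dets):
        print(f"{kind}: {obj}")
```

Run it against a real mbam-log-*.txt by reading the file into `parse_detections`; the Softonic entry in the sample is there to show that PUP findings stay out of the ZeroAccess list.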
20.06.2012, 14:32 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

First, as a matter of routine, please run a new full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!

Remember that Malwarebytes must be updated manually before every scan! Please remove all the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags where possible. It's done like this:
[code] here goes the log [/code]
And the whole thing then looks like this:
Code:
here goes the log
22.06.2012, 02:13 | #3

It all worked.
Here's the Malwarebytes log:
Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.21.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Marcel Klahn :: MEINPC [Administrator]

Protection: Enabled

21.06.2012 14:10:12
mbam-log-2012-06-21 (16-26-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439848
Time elapsed: 2 hour(s), 15 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n. -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> No action taken.
C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\800000cb.@ (Rootkit.0Access) -> No action taken.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe (PUP.OfferBundler.ST) -> No action taken.
c:\windows\installer\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> No action taken.

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8949f9efc4118d43b672d2a957c6d0e0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-22 01:01:39
# local_time=2012-06-22 03:01:39 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 21041 115828864 22387 0
# compatibility_mode=5892 16776574 66 95 103442810 177846285 0 0
# compatibility_mode=8192 67108863 100 0 273 273 0 0
# scanned=244590
# found=19
# cleaned=0
# scan_time=13342
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88 Java/Exploit.CVE-2011-3544.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Regards
22.06.2012, 10:20 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:
Code:
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe

Hands off Softonic!! Softonic is a toolbar and adware slinger! Hands off! Software is downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In a pinch chip.de would of course do.

__________________
Please always post logfiles in CODE tags
22.06.2012, 12:46 | #5

So, dear Cosinus, I was just 2 seconds away from smashing my laptop with a hammer; now I've calmed down a bit and can think again. My laptop is very old (2.5 years) -> no battery any more; just now while booting the charging cable accidentally slipped out and the laptop almost didn't work any more, or rather it did a system restore, then Mozilla didn't work any more so I had to reinstall it, and my personal cherry on top is that the damn Malwarebytes crap doesn't load any more, it says "Run time error 5 - invalid procedure call or blah blah". I'm reinstalling all of it now and will do another MALWAREBYTES FULL SCAN and ESET and then post the logs, okay?
22.06.2012, 13:12 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:
23.06.2012, 12:54 | #7

So, my dear, Malwarebytes log (I removed all the critters so that they're in quarantine).
Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Marcel Klahn :: MEINPC [Administrator]

Protection: Enabled

22.06.2012 14:16:05
mbam-log-2012-06-22 (23-54-12).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 440498
Time elapsed: 1 hour(s), 45 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Marcel Klahn\AppData\Roaming\dwm.exe (Trojan.Downloader) -> No action taken.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe (PUP.OfferBundler.ST) -> No action taken.

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=87fd32826fbcd9498c8d58c38a192daa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-23 11:44:39
# local_time=2012-06-23 01:44:39 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 71178 115954075 61598 0
# compatibility_mode=5892 16776574 100 95 103568021 177971496 0 0
# compatibility_mode=8192 67108863 100 0 125484 125484 0 0
# scanned=245852
# found=14
# cleaned=0
# scan_time=13112
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88 Java/Exploit.CVE-2011-3544.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi Win32/Toolbar.Linkury application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
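The ESET logs in this thread mix two kinds of findings. Entries ESET names "... application" are toolbars and bundled installers (Linkury, Babylon, Messenger Plus, Softonic, OpenCandy). The entries that matter for the infection story are the Java deployment cache hits, one of them tagged Java/Exploit.CVE-2011-3544.D, which show a malicious applet was delivered to an outdated Java plug-in and are the likeliest way in, plus a cached HTML/ScrInject page. The header also records remove_checked=false and cleaned=0, so both runs only reported. The Python below is an added example for this thread, not code from the forum or from ESET: it parses the log format (the real log.txt separates path, verdict, hash and flag with tabs; the copies above lost their tabs in extraction, so the constructed sample re-inserts them), classifies each finding, and extracts the CVE identifiers and Java-cache paths. Paths in the sample are placeholders.

```python
"""Parse an ESET Online Scanner log.txt and triage its findings.

Added example for this thread; not code from the forum or from ESET.
The real log is tab-separated (path, verdict, hash, flag); the sample
below is constructed with placeholder paths and re-inserts the tabs.
"""
import re

ZERO_HASH = "0" * 32


def _row(path, verdict):
    """Build one constructed finding row in ESET's tab-separated layout."""
    return "\t".join([path, verdict + " (unable to clean)", ZERO_HASH, "I"])


# Constructed sample (not a real capture), shortened to five findings.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# OnlineScannerApp.exe=1.0.0.1",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# unwanted_checked=true",
    "# antistealth_checked=true",
    "# utc_time=2012-06-22 01:01:39",
    "# scanned=244590",
    "# found=5",
    "# cleaned=0",
    "# scan_time=13342",
    _row(r"C:\Program Files\Linkury\components\LinkuryFireFoxRemotePlugin_5.dll",
         "Win32/Toolbar.Linkury application"),
    _row(r"C:\Users\user\AppData\Local\Temp\MyBabylonTB.exe",
         "a variant of Win32/Toolbar.Babylon application"),
    _row(r"C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88",
         "Java/Exploit.CVE-2011-3544.D trojan"),
    _row(r"C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e",
         "multiple threats"),
    _row(r"C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm",
         "HTML/ScrInject.B.Gen virus"),
])

# "<threat name> (<action>)" as printed in the verdict column.
VERDICT_RE = re.compile(r"^(?P<threat>.+?)(?: \((?P<action>[^)]+)\))?$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"   # compared case-insensitively


def parse_eset_log(text):
    """Return (header dict from '# key=value' lines, list of finding dicts)."""
    header, findings = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        parts = line.split("\t")
        if len(parts) != 4:
            continue  # banner lines such as "all ok"
        path, verdict, digest, flag = parts
        m = VERDICT_RE.match(verdict)
        if not m:
            continue
        findings.append({"path": path, "threat": m["threat"],
                         "action": m["action"], "digest": digest, "flag": flag})
    return header, findings


def category(threat):
    """ESET's '... application' suffix marks unwanted/unsafe apps; exploits are split out."""
    t = threat.lower()
    if t.endswith(" application"):
        return "pup"
    if "exploit" in t:
        return "exploit"
    return "malware"


def triage(header, findings):
    """Bucket findings and pull out what matters for the infection story."""
    out = {"pup": [], "exploit": [], "malware": [], "java_cache": [], "cves": set()}
    for f in findings:
        out[category(f["threat"])].append(f["path"])
        out["cves"].update(CVE_RE.findall(f["threat"]))
        if JAVA_CACHE in f["path"].lower():
            out["java_cache"].append(f["path"])
    out["cves"] = sorted(out["cves"])
    out["found"] = int(header.get("found", "0"))
    out["cleaned"] = int(header.get("cleaned", "0"))
    # "Remove found threats" was left unchecked: the scan reported but removed nothing.
    out["reporting_only"] = header.get("remove_checked") == "false"
    return out


if __name__ == "__main__":
    hdr, finds = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(hdr, finds).items():
        print(f"{key}: {value}")
```

On a real log.txt the Java-cache entries are worth a second look even after removal: the cache is just evidence that the applet ran, and the fix is updating or removing the Java plug-in, not deleting the cached file.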
24.06.2012, 16:19 | #8
/// Winkelfunktion /// TB-Süch-Tiger™

I have two questions before we continue:
1.) Does Windows normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
24.06.2012, 16:24 | #9

1.) Windows normal mode works without restrictions and smoothly.
2.) Everything is there and unchanged.
24.06.2012, 17:03 | #10
/// Winkelfunktion /// TB-Süch-Tiger™

Please make a new OTL log. Please post everything here in CODE tags where possible. It's done like this:
[code] here goes the log [/code]
And the whole thing then looks like this:
Code:
here goes the log

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
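The block between /md5start and /md5stop makes OTL report the MD5 and version of every copy of the listed names it finds, so a patched system file or driver (a common way for a rootkit to get loaded; the names listed are the ones such helpers routinely check) stands out against the other copies on the machine and against a known-good reference. The Python below is an added example, not OTL's code: it hashes every copy of a watchlist of those names under a root directory, compares the hashes with a baseline dictionary, and separately lists names whose on-disk copies disagree with one another. The baseline and the directory tree built in demo() are constructed placeholders; on a real system the baseline comes from a clean reference install, the root is the Windows directory, and the names come from the OTL script above.

```python
"""Hash-baseline check over a watchlist of system file names.

Added example in the spirit of OTL's /md5start .. /md5stop block; not OTL's
code. The baseline and the directory tree built in demo() are constructed
placeholders: on a real machine the baseline comes from a clean reference
install and the root is the Windows directory.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Subset of the names listed in the OTL script above.
WATCHLIST = {"wininit.exe", "userinit.exe", "winlogon.exe", "user32.dll",
             "netlogon.dll", "atapi.sys", "iastor.sys", "nvstor.sys"}


def md5_of(path, chunk_size=1 << 16):
    """MD5 of a file, streamed so large drivers are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_watchlist(root, names=WATCHLIST):
    """Return {name: {path: md5}} for every copy of a watched name under root."""
    wanted = {n.lower() for n in names}
    found = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                path = os.path.join(dirpath, fn)
                found.setdefault(fn.lower(), {})[path] = md5_of(path)
    return found


def compare_to_baseline(found, baseline):
    """baseline maps name -> set of accepted MD5s (several versions may be legitimate).

    Returns copies whose hash is not in the baseline, names the baseline
    expects that are absent on disk, and the count of clean copies.
    """
    unknown, ok = [], 0
    for name, copies in found.items():
        accepted = baseline.get(name, set())
        for path, digest in sorted(copies.items()):
            if digest in accepted:
                ok += 1
            else:
                unknown.append((path, digest))
    missing = sorted(n for n in baseline if n not in found)
    return {"unknown": unknown, "missing": missing, "ok": ok}


def disagreeing_copies(found):
    """Names whose on-disk copies do not all share one hash, e.g. a patched
    System32 copy next to a clean copy in the component store."""
    return sorted(n for n, copies in found.items() if len(set(copies.values())) > 1)


def _write(root, rel, data):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)


def demo():
    """Constructed scenario: take a baseline from a clean tree, then patch one copy."""
    clean_driver = b"clean atapi driver image"
    with tempfile.TemporaryDirectory() as root:
        _write(root, "Windows/System32/drivers/atapi.sys", clean_driver)
        _write(root, "Windows/winsxs/x86_atapi/atapi.sys", clean_driver)
        _write(root, "Windows/System32/wininit.exe", b"clean wininit image")
        baseline = {n: set(c.values()) for n, c in hash_watchlist(root).items()}
        baseline["userinit.exe"] = {"0" * 32}  # placeholder hash for a file absent from the tree
        # Simulate a rootkit patch: overwrite the System32 copy with extra code.
        _write(root, "Windows/System32/drivers/atapi.sys", clean_driver + b"\x90" * 16)
        found = hash_watchlist(root)
        result = compare_to_baseline(found, baseline)
        result["disagreeing"] = disagreeing_copies(found)
        result["unknown"] = [(os.path.relpath(p, root).replace(os.sep, "/"), d)
                             for p, d in result["unknown"]]
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The "disagreeing" check is the part that works without any baseline at all: if the copy in System32\drivers hashes differently from the same version in the component store or the installer cache, one of them has been altered.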
24.06.2012, 18:00 | #11

OTL log:
Code:
OTL Extras logfile created on: 24.06.2012 18:09:01 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,18% Memory free
6,21 Gb Paging File | 4,84 Gb Available in Paging File | 77,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 108,53 Gb Free Space | 23,80% Space Free | Partition Type: NTFS

Computer Name: MEINPC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07AEA761-D591-4AFB-ABBC-06048176C386}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0D643B3F-A693-427B-A67C-48CB742D568B}" = lport=139 | protocol=6 | dir=in | app=system |
"{1F662737-C9B6-4A7A-B765-C6722681FD55}" = rport=139 | protocol=6 | dir=out | app=system |
"{39CF63C7-7F3B-4070-A63B-535F87E1BE65}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4392B3A6-54A2-43E0-B46D-04692180B2C3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{55B050DB-47B2-4EDF-BB45-308871FAA202}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{604059AB-A7F2-4F32-BA9F-A8C0C49A8F8A}" = rport=445 | protocol=6 | dir=out | app=system |
"{6F853BC8-B66E-425C-84D4-3A92BA34A1B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F7C7A29-4430-4FF0-9A4C-D74D2D0297F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{81C97AF4-C90B-43EA-8D3B-8FFE076E9138}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9358AFA7-4567-4B19-9684-52ACBB9B4057}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9AC552F0-6A73-4356-A85B-795E4C1B79DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9ACCB99B-E069-4DA4-B11C-24F22A1BA7F9}" = rport=137 | protocol=17 | dir=out | app=system |
"{9AD4124E-3C8C-4D2D-AB2C-40999D5796F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5F24EFF-8C7A-4711-9A98-F832016A7324}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BAA5FB4E-347F-432F-B8AB-6E8F78F7FB4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE8E2EC8-AC5A-4B24-A9C1-77B54B62E2C6}" = lport=138 | protocol=17 | dir=in | app=system |
"{C32876C3-F072-4828-80D7-BE2555F4E87D}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE723057-3ACC-4BC7-AB4A-4667B9B65C72}" = lport=137 | protocol=17 | dir=in | app=system |
"{DFD1D758-50C3-4D6D-BE81-105F706A96F9}" = lport=445 | protocol=6 | dir=in | app=system |
"{FFE9358B-64A8-4775-8263-6D9FC68FB75E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0034B4CA-A5B7-4A9B-9E5B-023388B08418}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{011A73C5-B957-42DA-9A3A-6D71ADA44F20}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{01248A5C-1CC9-47E7-A5DA-482787CFD1CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{061BB3F6-4868-41E0-B7A4-490DE0645337}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F718127-523C-488F-9CC4-DAD47B3B0A25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{15BBEE9F-12AE-410C-817E-979CADE497C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{18199688-6DBC-4332-BBB3-498810E5A503}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1841BCD1-1775-4719-9843-188376CB1E55}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1E55D932-337E-4B63-ABBA-26C86E209F95}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1E897F8E-3298-47F0-97C7-19ADC5D0B640}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{22048019-8675-4445-B55D-9FDF63EBFC98}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero\hl.exe |
"{224736FA-9B8C-426A-9CA1-9455E0595E25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{2350BA0C-4720-4D8A-8F36-FA863064E50F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{2364CF3D-3F74-433F-844D-9DBE24765FAC}" = protocol=17 | dir=in | app=c:\program files\sega\vancouver 2010\vancouver.exe |
"{23AF9CBB-0F29-42A0-86CD-48CED64A316A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{2A31AB8C-32D3-46EE-BEDB-117C7ECD290A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{32A0C091-32D8-437C-A2AB-0ECBEDD740D1}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{40EDF76A-3D1E-4710-B472-67000AF7F63B}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackops.exe |
"{4223ED3C-87E6-42D2-B3EB-F0F2BC71F3B0}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{452CDF18-82B2-4844-8513-178CA8FE3360}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{49DC0E02-1B15-467D-8198-8466B564116C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{49F62A47-B755-424E-9267-4F406DD40A53}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{4BD3F5CB-CA22-4A88-8B7A-21CF7062CC13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CA5F6F1-D5DE-494B-9D26-61EA0F213A7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4DD826E1-F48E-400E-A3A2-146AEECCD809}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4E71E235-6DD8-41A9-9C31-481B80A22FBB}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike\hl.exe |
"{4EDC18B9-3E32-44C8-9A7B-B268742A9586}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{56443007-DF0A-40AB-8202-A5EB39463465}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5C23E97A-5833-4633-B4FE-241FA477B2F7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{5E8A179A-401E-4BE6-BC52-7B3A5304B668}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{601CC48E-3C4D-4AB8-8EC1-E8A7521B630F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{60BCEC71-D567-4DE7-A45C-0A1BA3437B82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{64C0DAE4-7F7E-4D6E-AE20-0EB3F8C595D8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6663F193-62A0-403B-A82A-86F416581C0E}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{682B7FA9-0908-477F-8107-05881AF9487E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6D86947B-3BDE-4BA7-B745-05BCAA63EC5E}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{6E12FEE1-50ED-49D2-A8FD-001E93AF8C79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{6F97E643-0381-4EC4-B015-59AE9A4D1B1E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{7456D133-7724-4DE5-990F-1995F2ABB6E5}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | "{7911B65F-F8D4-49AC-9559-FC298D813B4D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{7DC8C5F2-DA97-490A-846E-E45818C73E03}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{7F12975D-5324-4466-9703-2D5D5F9F8047}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\day of defeat\hl.exe | "{819240D5-7A55-4E61-B1BD-A3DB91533BB6}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{82B1698F-2559-4E40-88FF-7694D783A31C}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe | "{847A9F9D-53B5-482C-BEBD-9BD6CFD7AC1D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike source\hl2.exe | "{8B964631-6A47-49F4-928A-EEB5ED22FDA1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{959129AB-1A37-4600-B6DA-B01833A5D626}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike\hl.exe | "{994497A6-8650-405D-BAD1-2029198B0DD5}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\day of defeat\hl.exe | "{9AAA64FD-4199-4DFF-95D2-92A5CF1CE16A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{9ADB8DFB-C3BC-4AF8-8E5D-ABC56E454E15}" = protocol=6 | 
dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{9F5042B0-D76F-4288-B6F2-B8F4E203CCEA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9F59692A-0A15-4448-9DCB-8D28780ADD1A}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{A0969DB5-7D8B-42E3-AFB3-E730E2B86CB5}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{A0D12D26-A4F3-4363-A7C7-E2377A7C6843}" = dir=in | app=c:\users\marcel klahn\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{A445A008-32C2-400C-8863-411BAA8A4F5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{A9766ECF-7510-4353-B3FE-914C6231FE3E}" = protocol=6 | dir=in | app=d:\alicesetup.exe | "{A97AEF74-69F7-4D98-B0E9-AB2E5280C90B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{AC2DA7B4-4134-458A-BFD5-D3C3A8F27D69}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B14147BB-5B4D-4D28-A102-7F0E75FC427A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B182805B-2EEF-4832-B2FE-A69E14F5E31E}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike source\hl2.exe | "{BC435D40-F6E2-4B35-8CF3-4DBADE74E54A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{BE169CC6-F67D-43CF-8D6D-DAC5BD3990E2}" = protocol=17 | dir=in | app=d:\alicesetup.exe | "{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C20E7EA3-389D-4629-A28D-4B63E88E05EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C210FDBE-3DE2-4FC9-B464-AFF7F763F7E5}" = protocol=6 | dir=in | 
app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | "{C826C2E0-613E-4A3B-8A97-D549C7267ADF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CC216FFB-1C51-4745-B465-2E29E6662F90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{CCF94C05-7D03-406F-B8C6-5142559C33FC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CEFAB09C-3281-4293-B731-236907552C5F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{D21D5511-CA82-46B1-9303-8CFB4BA9E85F}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackops.exe | "{D9917DA7-E508-4DCC-BC2B-D24D9883775C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{DEE67258-0384-4F34-9F9C-E32EDEE15A4A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero\hl.exe | "{DF2C31C5-1E98-484B-8793-67AA68A937E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{E88CD5C9-604D-4288-8371-A6F18D6B9E31}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{E976FDEE-5A74-42F5-B304-A8B2F23051A5}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | "{EE569652-E0F3-4E8D-82DC-4BD8963AEA8D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{F846C41E-8D05-44EC-8530-339BF955C63B}" = protocol=6 | dir=in | app=c:\program files\sega\vancouver 2010\vancouver.exe | "{F8E14428-4B46-4EB2-92BB-AEB6BD6CB99F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F900BB65-0B84-4A56-8A5B-B2CF41AF8E03}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{FCDFEFD3-6581-4179-8AB1-6003237BB360}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{FF6D65DD-3CD2-4630-B4BF-E0CED9D72BB8}" = dir=in | app=c:\program 
files\hp\digital imaging\bin\hpqsudi.exe | "{FFBC7F42-7321-4B8B-AFF1-C37EA4C95694}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{0469FBDB-B53F-4C52-9D56-C5B96E022AEE}C:\program files\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe | "TCP Query User{2C321FA3-3086-47DA-B61C-D566CDAFCC07}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe | "TCP Query User{6A8B49C0-9365-4931-8BC9-168FE521F4F0}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe | "TCP Query User{7F8B6A9E-CC53-408A-875B-B5F0D55ABFC0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{80AA73F2-692D-45A7-9B2E-FF1E5336A7A6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{8B63153C-DDD6-4944-A29B-4B2EECCB341A}C:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe | "TCP Query User{9601E0F4-B2BB-4DCA-A852-AFD642B1424E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{A4A0133B-8D58-4A4B-98D0-0916DBA5800B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{C972AA6C-D050-438F-B370-8D6339836659}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{DFA68155-7830-4AAD-BD78-85A69289DEAC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query 
User{E9085907-EA7A-4732-827F-41A487D129E8}C:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | "UDP Query User{20EEDED2-3DB9-4516-A798-88C6128FA5B6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{39D9187B-9ECC-4C15-98B7-BBBF3068E252}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe | "UDP Query User{6736E1EB-975B-4955-B86B-C8A9D70BDC5D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{6F7DAE3B-4425-43F5-A2CE-D29962C53E83}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{8AC42B42-5F81-4684-8781-D51E743F8B40}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{916070E9-4976-4F99-AC75-229E084A406A}C:\program files\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe | "UDP Query User{A851158D-8BB8-4D33-8B4B-13AA47159303}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe | "UDP Query User{AE1AD9E7-0285-4D50-A2D5-A9C6799E9C2C}C:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | "UDP Query User{B0CF7F79-99C6-4F94-8E41-61F3B20648ED}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{BF347138-0056-406D-93E4-340991A675CF}C:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe | "UDP Query 
User{E73C0106-7AA6-437A-ACBF-A76C8CCFBD95}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek "{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish "{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish "{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24 "{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish "{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean "{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian "{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City "{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro "{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion 
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{6291FC10-FDF0-4022-A1A5-710C728D49C2}" = Vancouver 2010 "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French "{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{782DADC3-C885-4572-8F6A-675304CA8782}" = ccc-utility "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7B772F48-58A8-48C1-8F93-0AA960767FCA}" = Linkury Smartbar "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = 
Puzzle Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite 
Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller "{9BCA07A1-B626-0AFE-9D04-66C5E75AB15A}" = AMD Catalyst Install Manager "{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A1CE4680-F9EA-400D-BE71-70995522BD82}_is1" = Voodoo Skript 1.6.9 "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder 
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext "{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - 
Branding "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0 "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Call of Duty" = Call of Duty "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "conduitEngine" = Conduit Engine "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FormatFactory" = FormatFactory 2.30 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging 
Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 10.0 "ICQToolbar" = ICQ Toolbar "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11 "LManager" = Launch Manager "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.19.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Messenger Plus! Live" = Messenger Plus! Live "Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar "MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PokerStars" = PokerStars "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0 "Shop for HP Supplies" = Shop for HP Supplies "SopCast" = SopCast 3.2.4 "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 240" = Counter-Strike: Source "Steam App 260" = Counter-Strike: Source Beta "Steam App 30" = Day of Defeat "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Steam App 550" = Left 4 Dead 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver 
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.08.2011 13:58:56 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

Error - 13.08.2011 06:34:57 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

Error - 13.08.2011 12:53:13 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

Error - 13.08.2011 15:20:23 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

Error - 16.08.2011 12:54:56 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

Error - 17.08.2011 16:25:23 | Computer Name = MeinPC | Source = Application Hang | ID = 1002
Description = Program iTunes.exe, version 10.2.2.14, stopped interacting with Windows and was closed. Check the problem history in the "Problem Reports and Solutions" applet in Control Panel for more information about the problem.
Process ID: 470  Start time: 01cc5c43f2380427  Termination time: 80

Error - 19.08.2011 06:40:18 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

Error - 19.08.2011 17:18:34 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

Error - 20.08.2011 12:49:17 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

Error - 20.08.2011 13:15:22 | Computer Name = MeinPC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 24.12.2011 06:18:25 | Computer Name = MeinPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the network card with network address 00265E49CE16 was denied by the DHCP server 192.168.2.1 (the DHCP server sent a DHCPNACK message).

Error - 24.12.2011 23:32:33 | Computer Name = MeinPC | Source = HTTP | ID = 15016
Description =

Error - 24.12.2011 23:34:09 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7000
Description =

Error - 25.12.2011 06:28:06 | Computer Name = MeinPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 04:49:25 on 25.12.2011 was unexpected.

Error - 25.12.2011 06:28:09 | Computer Name = MeinPC | Source = HTTP | ID = 15016
Description =

Error - 25.12.2011 06:28:13 | Computer Name = MeinPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the network card with network address 00265E49CE16 was denied by the DHCP server 192.168.2.1 (the DHCP server sent a DHCPNACK message).

Error - 25.12.2011 06:29:46 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7000
Description =

Error - 25.12.2011 12:17:15 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7011
Description =

Error - 26.12.2011 07:24:45 | Computer Name = MeinPC | Source = bowser | ID = 8003
Description =

Error - 26.12.2011 08:36:22 | Computer Name = MeinPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:53:13 on 26.12.2011 was unexpected.

< End of report >
24.06.2012, 18:17 | #12
/// Winkelfunktion /// TB-Süch-Tiger™
That is only the Extras log; what I primarily need is the OTL.txt.
__________________
Please always post logfiles in CODE tags
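For readers following along: the items a helper scans an OTL.txt for, as an added example that is not part of this thread and not OTL's own code. The sample lines are constructed in OTL's line format (SID, GUIDs, hostnames and paths are made up), the allowlist of legitimate search hosts and the expected Winlogon Shell/UserInit values are assumptions, and the hxxp prefix is OTL's own defusing of URLs. It flags a configured IE proxy, search scopes pointing outside the allowlist, Run entries whose target file is gone, a populated AppInit_DLLs value and a non-default Winlogon Shell or UserInit.

```python
"""Small triage pass over OTL-format log lines (added example, not OTL's code)."""
import re
from urllib.parse import urlparse

# Search hosts treated as legitimate defaults: an assumption for this example.
SEARCH_ALLOWLIST = {"www.google.com", "google.com", "www.bing.com",
                    "search.live.com", "search.yahoo.com"}

# Values OTL reports for an untouched Winlogon on 32-bit Vista/7 (assumed here).
WINLOGON_EXPECTED = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe"}

# Constructed sample in OTL's line format; SID, GUIDs, hosts and paths are made up.
SAMPLE_OTL = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
IE - HKLM\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = hxxp://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1-2-3-1000\..\SearchScopes\{66666666-7777-8888-9999-000000000000}: "URL" = hxxp://cloud-search.example-toolbar.com/results.htm?q={searchTerms}
IE - HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.example.net:3128
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-1-2-3-1000..\Run: [Smartbar] C:\Program Files\Smartbar\Smartbar.exe startup File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Vendor\hook.dll) - C:\Program Files\Vendor\hook.dll (Vendor)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""


def host_of(url):
    """Hostname of an OTL-style URL; OTL writes hxxp so pasted links are not clickable."""
    return (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()


def triage(log_text):
    """Return (category, detail) pairs for the lines a helper would act on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("IE - "):
            m = re.search(r'"ProxyServer" = (\S+)', line)
            if m:
                # Worth a look even while ProxyEnable = 0: it is one registry flip from active.
                findings.append(("proxy", m.group(1)))
                continue
            m = re.search(r'SearchScopes\\\{[^}]+\}: "URL" = (\S+)', line)
            if m and host_of(m.group(1)) not in SEARCH_ALLOWLIST:
                findings.append(("search-scope", host_of(m.group(1))))
        elif line.startswith("O4 - ") and line.endswith("File not found"):
            # Autorun whose target is gone: leftover of removed or half-removed software.
            m = re.search(r"\[([^\]]+)\]", line)
            findings.append(("orphan-autorun", m.group(1) if m else line))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs is injected into every process that loads user32.dll.
            m = re.search(r"AppInit_DLLs: \(([^)]+)\)", line)
            if m and m.group(1).strip():
                findings.append(("appinit-dll", m.group(1).strip()))
        elif line.startswith("O20 - HKLM Winlogon:"):
            m = re.search(r"Winlogon: (Shell|UserInit) - \(([^)]*)\)", line)
            if m:
                key, value = m.group(1).lower(), m.group(2).lower().rstrip(",")
                if value != WINLOGON_EXPECTED[key]:
                    findings.append(("winlogon", f"{m.group(1)} = {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_OTL):
        print(f"{category:15} {detail}")
```

The DRV "File not found" lines are deliberately ignored: on Vista the NwlnkFwd/NwlnkFlt/IpInIp entries are left over from the OS itself and are not an infection sign, whereas a Run entry whose executable is gone usually marks software that was removed incompletely.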
24.06.2012, 18:22 | #13
Sorry! Being able to read is a clear advantage!
Code:
OTL logfile created on: 24.06.2012 18:09:01 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Marcel Klahn\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,18% Memory free
6,21 Gb Paging File | 4,84 Gb Available in Paging File | 77,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 108,53 Gb Free Space | 23,80% Space Free | Partition Type: NTFS

Computer Name: MEINPC | User Name: Marcel Klahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.24 18:06:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.02.15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.09.04 20:46:32 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\MARCEL~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.07.26 05:46:25 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.25 21:09:24 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.25 03:47:04 | 001,069,576 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

========== Modules (No Company Name) ==========

MOD - [2012.02.15 04:11:36 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.02.14 23:13:24 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.09 10:55:02 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.27 21:16:20 | 000,239,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\93e9637d1e5c69baa89c5a47dc44153f\WindowsFormsIntegration.ni.dll
MOD - [2011.01.27 20:51:37 | 011,791,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2011.01.27 08:33:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
MOD - [2010.07.23 00:41:29 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010.05.04 22:45:15 | 002,294,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
MOD - [2010.05.04 22:45:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad65537fa3d6b3c9c01a98586acfa28\PresentationFramework.Aero.ni.dll
MOD - [2010.05.04 22:45:09 | 014,320,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2606f840d6783c9c2307965650735ada\PresentationFramework.ni.dll
MOD - [2010.05.04 22:44:49 | 012,428,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2010.05.04 22:44:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2010.05.04 22:44:34 | 005,449,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2010.05.04 22:44:29 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2010.05.04 22:44:25 | 012,213,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9895974a8ff48335614f44603ff16a9d\PresentationCore.ni.dll
MOD - [2010.05.04 22:44:11 | 003,311,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\400510870f710fd409ee7fc71b4a69aa\WindowsBase.ni.dll
MOD - [2010.05.04 22:44:07 | 007,867,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010.05.04 22:43:39 | 011,485,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.25 21:09:24 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.03.12 12:46:55 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.12 12:46:54 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.12 12:46:49 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.12 12:46:37 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.21 22:21:17 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.02.15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.02.15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.12.05 21:46:56 | 000,083,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.11.17 21:14:36 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009.12.09 15:51:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.12.30 00:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.12.26 13:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.11.12 04:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=28A6E7D8-4CE1-44DA-8732-4624D117B7AD&apn_sauid=FD0D6661-8E96-4704-8BB3-384684DCF121
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=w7cD6BnnfuVHOjUz6-hH5q7wNTA?q={searchTerms}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www-proxy.google.de:3128;http=www-proxy.google.de:3128

========== FireFox ==========

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marcel Klahn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.18 19:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 13:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.22 22:43:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.18 19:11:50 | 000,000,000 | ---D | M]

[2012.06.22 13:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel Klahn\AppData\Roaming\mozilla\Extensions
[2012.06.23 13:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel Klahn\AppData\Roaming\mozilla\Firefox\Profiles\balegvbu.default\extensions
[2012.06.22 13:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.18 22:09:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.20 13:35:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Marcel Klahn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Shockwave Flash = C:\Users\Marcel Klahn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Facebook Update] C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe startup File not found
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BF6FFA2-68FE-46EF-86A5-EACA2BD2376E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18
23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell - "" = AutoRun O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell - "" = AutoRun O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers 
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group 
SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n 
/i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. 
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.24 18:06:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe [2012.06.22 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel Klahn\AppData\Roaming\Malwarebytes [2012.06.22 13:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.06.22 13:40:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel Klahn\AppData\Roaming\Mozilla [2012.06.21 23:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.06 13:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars [2012.06.06 13:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla ========== Files - Modified Within 30 Days ========== [2012.06.24 18:08:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.24 18:06:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe [2012.06.24 
17:34:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.24 17:34:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.24 17:17:02 | 000,013,472 | ---- | M] () -- C:\Users\Marcel Klahn\Desktop\104598.jpg [2012.06.24 16:19:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job [2012.06.24 13:08:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.24 12:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.23 16:59:52 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.23 16:59:51 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.23 16:59:51 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.23 16:59:51 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.23 16:53:47 | 3215,810,560 | -HS- | M] () -- C:\hiberfil.sys [2012.06.22 14:06:59 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 13:42:17 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.22 13:24:41 | 000,000,104 | ---- | M] () -- C:\Users\Marcel Klahn\Desktop\Internet - Verknüpfung.lnk [2012.06.22 13:22:20 | 000,007,836 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Local\d3d9caps.dat ========== Files Created - No Company Name ========== [2012.06.24 17:17:01 | 000,013,472 | ---- | C] () -- C:\Users\Marcel Klahn\Desktop\104598.jpg [2012.06.22 14:06:59 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 13:42:17 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.22 13:42:17 | 000,000,810 | ---- | C] () -- 
C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.22 13:24:41 | 000,000,104 | ---- | C] () -- C:\Users\Marcel Klahn\Desktop\Internet - Verknüpfung.lnk [2012.03.21 13:20:14 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI [2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.03.22 02:29:15 | 000,022,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\3A92.424 [2010.11.18 18:55:02 | 000,181,716 | ---- | C] () -- C:\Windows\hpoins44.dat [2010.11.14 23:47:53 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI [2010.09.29 03:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.03.19 00:33:59 | 000,000,716 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\wklnhst.dat [2009.12.06 23:54:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.19 23:18:13 | 000,001,478 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\RecConfig.xml [2009.10.06 21:08:17 | 000,040,448 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.07 07:35:17 | 000,007,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\d3d9caps.dat [2008.01.21 04:25:01 | 000,002,048 | -HS- | C] () -- C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\@ ========== LOP Check ========== [2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.# [2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Acer GameZone Console [2010.06.19 17:58:00 | 000,000,000 | ---D | M] -- C:\Users\Marcel 
Klahn\AppData\Roaming\avidemux [2010.01.04 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Avnex [2011.11.17 21:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DAEMON Tools Lite [2011.04.25 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers [2009.09.04 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\eSobi [2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy [2012.06.06 14:03:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ICQ [2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu [2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin [2011.11.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy [2009.12.08 15:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PlayFirst [2012.04.05 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PowerCinema [2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk [2010.06.21 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar [2010.01.04 16:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Screaming Bee [2012.04.05 22:34:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SoftDMA [2011.03.24 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TeamViewer [2010.03.19 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Template [2012.06.22 22:43:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TS3Client [2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy [2012.03.21 23:19:03 | 000,000,934 | ---- | M] () -- 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job [2012.06.24 16:19:01 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job [2012.06.23 14:05:14 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.# [2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Acer GameZone Console [2009.09.22 14:58:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Adobe [2009.11.04 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Apple Computer [2009.09.04 20:46:35 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ATI [2010.06.19 17:58:00 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\avidemux [2010.01.04 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Avnex [2012.04.05 22:34:44 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\CyberLink [2011.11.17 21:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DAEMON Tools Lite [2009.10.06 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DivX [2011.04.25 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers [2009.09.04 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\eSobi [2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy [2009.09.04 13:53:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Google [2010.11.18 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\HP [2012.06.06 14:03:45 | 000,000,000 | 
---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ICQ [2009.09.04 20:45:24 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Identities [2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu [2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin [2009.09.04 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Macromedia [2012.06.22 14:11:06 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Media Center Programs [2011.11.17 20:55:01 | 000,000,000 | --SD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft [2012.06.22 13:42:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Mozilla [2011.11.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy [2009.12.08 15:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PlayFirst [2012.04.05 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PowerCinema [2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk [2010.06.21 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar [2010.01.04 16:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Screaming Bee [2010.05.04 14:39:57 | 000,000,000 | RH-D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SecuROM [2010.10.02 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Skype [2010.10.02 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\skypePM [2012.04.05 22:34:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SoftDMA [2012.03.20 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\teamspeak2 [2011.03.24 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel 
Klahn\AppData\Roaming\TeamViewer [2010.03.19 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Template [2012.06.22 22:43:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TS3Client [2010.01.14 00:23:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\U3 [2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy [2009.09.06 22:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.11.09 20:44:46 | 000,752,688 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\kikin\kikin_updater_2.4.15.exe [2010.12.26 13:17:13 | 000,228,657 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\kikin\kikin_updater_2.9.1.exe [2011.07.28 21:23:27 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Marcel Klahn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_6FEFF9B68218417F98F549.exe [2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_BEBCCB425837855F193AE7.exe [2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_F45B3AB76C8CE6133754A5.exe [2011.11.17 21:17:02 | 005,750,064 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller_p1v6.exe [2010.06.20 13:35:13 | 000,704,248 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar\unins000.exe [2010.03.03 15:00:50 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar\Update.exe [2007.10.23 10:27:20 | 000,110,592 | ---- | M] 
() -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\cleanup.exe [2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\Launchpad Removal.exe [2008.05.04 17:02:26 | 004,603,904 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\LaunchPad.exe [2007.10.23 10:44:48 | 000,054,584 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\U3AccessGrant.exe [2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Marcel Klahn\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 
000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys [2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys [2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys [2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 
11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 
| ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2012.02.15 05:13:56 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F < End of report > |
25.06.2012, 10:35 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | - Rookit und Sirefef -Malwarebytes Run an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=28A6E7D8-4CE1-44DA-8732-4624D117B7AD&apn_sauid=FD0D6661-8E96-4704-8BB3-384684DCF121
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=w7cD6BnnfuVHOjUz6-hH5q7wNTA?q={searchTerms}
IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www-proxy.google.de:3128;http=www-proxy.google.de:3128
[2010.01.18 22:09:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.20 13:35:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe startup File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell - "" = AutoRun
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell - "" = AutoRun
O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.03.22 02:29:15 | 000,022,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\3A92.424
[2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.#
[2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin
[2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu
[2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy
[2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy
[2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
:Files
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: the script above was created for this one user in this one situation only. It cannot be transferred to any other computer and must not be used in any other way, since it can cause lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
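Added example for this thread (neither OTL's own code nor the helper's): a small checker that parses a fix script in the format posted above into the artefacts it will touch, then looks each one up in the result log OTL writes after a fix (the "deleted successfully" / "moved successfully" / "value set successfully" / "not found" lines), so that anything the log never mentions is reported rather than overlooked. The sample script and log are constructed from the thread's lines; the `Example` user path and the `example.invalid` hosts are placeholders.

```python
"""Cross-check an OTL fix script against the result log that OTL writes afterwards.
Added example for this thread (neither OTL's code nor the helper's): the ":OTL",
":Files" and ":Commands" sections are parsed into the artefacts the fix touches,
and each artefact is looked up in the result log, so a target the log never
mentions stands out. Script and log below are constructed from the thread's lines."""
from __future__ import annotations
import re
from dataclasses import dataclass

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# A path as OTL prints it: drive letter, then text up to the publisher "(...)",
# the " -- " separator, "File not found", "startup" or the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?(?=\s+\(|\s+--|\s+File not found|\s+startup|$)")
ADS_RE = re.compile(r"@Alternate Data Stream - \d+ bytes -> (\S+)")
IEVAL_RE = re.compile(r'^IE - (HK.+?)(?:,|: ")([^"=]+?)"? = ')  # IE - KEY,NAME = v
OUTCOMES = (("deleted successfully", "done"), ("moved successfully", "done"),
            ("value set successfully", "done"), ("not found", "absent"))

@dataclass(frozen=True)
class Target:
    kind: str    # "clsid", "path", "ads" or "regvalue"
    needle: str  # lower-case text expected somewhere in the result log

def parse_fix_script(script: str) -> list[Target]:
    """Walk the script's sections and collect what each line will touch."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()            # ":otl", ":files", ":commands"
        elif section == ":files":
            targets.append(Target("path", line.lower()))
        elif section == ":otl":
            targets.extend(_otl_line_targets(line))
        # :Commands ([emptytemp], [resethosts], ...) leave no per-target line.
    return list(dict.fromkeys(targets))       # de-duplicate, keep order

def _otl_line_targets(line: str) -> list[Target]:
    m = ADS_RE.match(line)
    if m:
        return [Target("ads", m.group(1).lower())]
    found, m = [], IEVAL_RE.match(line)
    if m and not CLSID_RE.search(m.group(1)):
        # OTL reports a reset value as  KEY\\NAME| /E : value set successfully!
        # Keys the script abbreviates with "\..\" are matched on the name only.
        key, name = m.group(1), m.group(2)
        prefix = "" if "\\..\\" in key else key
        found.append(Target("regvalue", f"{prefix}\\\\{name}|".lower()))
    else:   # BHO, toolbar, search-scope and MountPoints entries go by CLSID
        found += [Target("clsid", c.lower()) for c in CLSID_RE.findall(line)]
    p = PATH_RE.search(line)
    if p:
        found.append(Target("path", p.group(0).lower()))
    return found

def verify(targets: list[Target], log: str) -> dict[Target, str]:
    """Map each target to 'done', 'absent' (OTL: not found) or 'unverified'."""
    lines, status = [l.lower() for l in log.splitlines()], {}
    for t in targets:
        verdict = "unverified"
        for hit in (l for l in lines if t.needle in l):
            verdict = next((o for mk, o in OUTCOMES if mk in hit), verdict)
            if verdict == "done":   # a later "not found" must not downgrade it
                break
        status[t] = verdict
    return status

# Constructed fix script, modelled on the one posted in the thread.
SAMPLE_FIX = r"""
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Example_TB\tbExample.dll (Example Ltd.)
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://search.example.invalid/?q={searchTerms}
O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2011.03.22 02:29:15 | 000,022,836 | ---- | C] () -- C:\Users\Example\AppData\Roaming\3A92.424
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
:Files
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[emptytemp]
"""
# Constructed result log in OTL's format; the ADS line is deliberately missing.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully.
C:\Program Files\Example_TB\tbExample.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ deleted successfully.
File E:\LaunchU3.exe -a not found.
C:\Users\Example\AppData\Roaming\3A92.424 moved successfully.
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
"""
if __name__ == "__main__":
    for t, v in verify(parse_fix_script(SAMPLE_FIX), SAMPLE_LOG).items():
        print(f"{v:10} {t.kind:8} {t.needle}")
```

An "unverified" target (here the alternate data stream) is the one to re-check by hand or with a fresh scan; "absent" means OTL reported the item as not found, which can mean it was already gone or that something hid it.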
25.06.2012, 15:32 | #15 |
| - Rookit und Sirefef -Malwarebytes It worked, the PC restarted itself. OTL fix: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully. C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ deleted successfully. C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully! HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 
Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found. Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found. HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully. 
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully. Unable to fix default_search_provider items. Unable to fix default_search_provider items. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found. File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found. File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully. C:\Program Files\kikin\ie_kikin.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found. File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found. File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully. C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{542E4D79-1970-4E95-9862-FDB96F61B280} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542E4D79-1970-4E95-9862-FDB96F61B280}\ not found. File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found. 
Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}\ not found. File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found. Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found. File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found. Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Linkury Chrome Smartbar deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found. File C:\Program Files\kikin\ie_kikin.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found. File E:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found. File F:\LaunchU3.exe -a not found. C:\Users\Marcel Klahn\AppData\Roaming\3A92.424 moved successfully. C:\Users\Marcel Klahn\AppData\Roaming\.# folder moved successfully. C:\Users\Marcel Klahn\AppData\Roaming\kikin folder moved successfully. C:\Users\Marcel Klahn\AppData\Roaming\Itixzu folder moved successfully. C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy folder moved successfully. C:\Users\Marcel Klahn\AppData\Roaming\Fuamy folder moved successfully. C:\Users\Marcel Klahn\AppData\Roaming\Qiupk folder moved successfully. ADS C:\ProgramData\Temp:B203B914 deleted successfully. ADS C:\ProgramData\Temp:DCAF903C deleted successfully. ADS C:\ProgramData\Temp:CDFF58FE deleted successfully. ADS C:\ProgramData\Temp:3064D21D deleted successfully. ADS C:\ProgramData\Temp:798A3728 deleted successfully. ADS C:\ProgramData\Temp:B623B5B8 deleted successfully. ADS C:\ProgramData\Temp:CE0A077E deleted successfully. 
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:BB24555F deleted successfully.
========== FILES ==========
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-37166f99-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-5aa34940-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-339a3541-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-43f11994-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-11ccc2f1-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-7b0aebee-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\14e5d595-24e5ba32-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-639b839c-n folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Marcel Klahn
->Temp folder emptied: 2958623579 bytes
->Temporary Internet Files folder emptied: 166080469 bytes
->FireFox cache emptied: 2306488915 bytes
->Google Chrome cache emptied: 6364879 bytes
->Flash cache emptied: 3834252 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1140553856 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 6.277,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Marcel Klahn
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.0 log created on 06252012_161719
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
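The OTL log above reports two alternate data streams removed from C:\ProgramData\Temp, the Java deployment cache moved out of the way, and the HOSTS file reset. A sensible next step after a reboot is to confirm that those three results actually stuck. The following PowerShell script is an added post-cleanup check, not part of the thread and not an OTL feature; it assumes PowerShell 3.0 or later (the `-Stream` parameter is not available in the PowerShell 2.0 that ships with Windows Vista) and an elevated prompt. The folder and file paths are the ones named in the log; the Java cache path is rebuilt from the current user's profile and is an assumption for any other account.

```powershell
# Added verification script (not from the original post or the OTL tool).
# Requires PowerShell 3.0+ for Get-Item -Stream; run from an elevated prompt.

# 1. Alternate data streams on the folder the OTL fix reported ADS entries on.
#    Everything except the default unnamed stream ":$DATA" is reported.
$adsTargets = @('C:\ProgramData\Temp')
foreach ($path in $adsTargets) {
    if (-not (Test-Path -LiteralPath $path)) {
        "ADS target not present (nothing to check): $path"
        continue
    }
    $streams = Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
    if ($streams) {
        foreach ($s in $streams) {
            "ADS still present: {0}:{1} ({2} bytes)" -f $path, $s.Stream, $s.Length
        }
    } else {
        "No alternate data streams left on $path"
    }
}

# 2. Java deployment cache: OTL moved the whole 'cache' folder, so it should be
#    gone (or recreated empty by Java) after the reboot.
$javaCache = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
if (Test-Path -LiteralPath $javaCache) {
    $count = (Get-ChildItem -LiteralPath $javaCache -Recurse -Force -ErrorAction SilentlyContinue |
              Measure-Object).Count
    "Java cache exists again with $count entries: $javaCache"
} else {
    "Java cache folder absent (as expected after the OTL move): $javaCache"
}

# 3. HOSTS file: after 'HOSTS file reset successfully' only comments and blank
#    lines should remain. Any active mapping is listed for manual review.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$active = Get-Content -LiteralPath $hostsFile -ErrorAction Stop |
    Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }
if ($active) {
    "Active HOSTS entries (review each one):"
    $active | ForEach-Object { "  $_" }
} else {
    "HOSTS file contains no active entries."
}
```

Any ADS that reappears on C:\ProgramData\Temp, a refilled Java cache you did not cause by visiting a Java site, or a HOSTS entry you did not add yourself is worth posting back into the thread before considering the machine clean.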