GVU-Trojaner, Live-Security-Platinum und bestimmt noch einiges mehr... :(

jogi1988 · 30.07.2012, 16:29

Moin,

ich reihe mich jetzt auch ein, bei den gvu-geschädigten.
ich habe diesen virus wohl schon etwas länger auf dem rechner, habe ihn aber immer gekonnt ignoriert.

betriebssystem: windows 7 bei 64-bit

habe, wie der threadname ja schon verrät, mind. eine variante des gvu-trojaners auf dem rechner (habe 3 verschiedene darstellungsvarianten auf meinem computer gesehen), das problem mit "live security platinum" und mit sicherheit noch den ein oder anderen weiteren schädling.

malwarebtes hab ich mir bereits runtergeladen und habe einen scan durchgeführt. 20+ funde... nunja...

habe mich auch schon etwas über die misere informiert, bin allerdings nicht richtig draus schlau geworden. liegt wohl an der fachsprache^^

nunja, ich würde mich jetzt gerne mit eurer hilfe an die entfernung machen.

danke schonmal im voraus!

lg, jogi

markusg · 30.07.2012, 17:33

hi
wo ist das Malwarebytes log, wie sollen wir etwas analysieren, was uns nicht vor liegt?
:-)
öffne malwarebytes, berichte, dort ists zu finden.
wenn das bereits möglich ist, folgenes ausführen:
für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel

jogi1988 · 30.07.2012, 18:03

OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.07.2012 18:17:21 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Dr. Schlecht\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 70,98% Memory free
7,99 Gb Paging File | 6,68 Gb Available in Paging File | 83,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 175,02 Gb Free Space | 61,35% Space Free | Partition Type: NTFS
 
Computer Name: DRSCHLECHT-PC | User Name: Dr. Schlecht | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.30 18:07:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dr. Schlecht\Desktop\OTL.exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.08 09:24:44 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.06 12:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.07.04 14:52:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.08 00:49:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.09 16:10:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.06.04 08:51:14 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.02 01:40:52 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.10.06 14:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.10.05 19:15:10 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.09.25 00:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.09.11 07:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.04 23:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.30 16:27:56 | 000,278,440 | ---- | M] () -- C:\Users\DR28DB~1.SCH\AppData\Local\Temp\deo0_sar.exe
MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.06.04 08:51:14 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.17 11:31:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.04 14:52:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.08 00:49:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.09.30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.09.11 07:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 23:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.04 14:52:14 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.04 14:52:14 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.05 19:42:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.21 21:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.21 23:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.07.21 07:13:12 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim)
DRV:64bit: - [2009.07.21 07:13:10 | 000,025,088 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 13:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 23:15:04 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009.06.10 23:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.02.13 08:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.02.13 08:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009.02.13 08:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360810n806l0408z1k5t4651y149
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360810n806l0408z1k5t4651y149
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360810n806l0408z1k5t4651y149
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360810n806l0408z1k5t4651y149
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360810n806l0408z1k5t4651y149
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&tt=060612_8_&babsrc=HP_ss&mntrId=d0f16059000000000000000000000000
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_8_&babsrc=SP_ss&mntrId=d0f16059000000000000000000000000
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&tt=060612_8_&babsrc=HP_ss&mntrId=d0f16059000000000000000000000000"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191
FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 11:31:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.08 11:38:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Dr. Schlecht\AppData\Roaming\13001.022 [2012.07.11 14:45:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 11:31:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.08 11:38:02 | 000,000,000 | ---D | M]
 
[2012.01.30 21:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr. Schlecht\AppData\Roaming\mozilla\Extensions
[2012.06.09 10:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr. Schlecht\AppData\Roaming\mozilla\Firefox\Profiles\s8f7kfga.default\extensions
[2012.06.08 23:02:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dr. Schlecht\AppData\Roaming\mozilla\Firefox\Profiles\s8f7kfga.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.30 21:51:58 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Dr. Schlecht\AppData\Roaming\mozilla\Firefox\Profiles\s8f7kfga.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.06.08 23:02:07 | 000,000,000 | ---D | M] (Elf 1.15 Community Toolbar) -- C:\Users\Dr. Schlecht\AppData\Roaming\mozilla\Firefox\Profiles\s8f7kfga.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2011.08.18 20:52:29 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Dr. Schlecht\AppData\Roaming\mozilla\Firefox\Profiles\s8f7kfga.default\extensions\DTToolbar@toolbarnet.com
[2010.12.30 18:16:58 | 000,000,919 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\conduit.xml
[2010.09.05 19:42:52 | 000,002,059 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\daemon-search.xml
[2012.07.04 23:55:55 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-1.xml
[2011.08.18 16:28:21 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-10.xml
[2011.09.02 15:10:29 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-11.xml
[2011.09.08 03:10:03 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-12.xml
[2011.12.28 22:20:24 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-13.xml
[2012.01.31 01:15:17 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-14.xml
[2012.02.20 10:03:49 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-15.xml
[2012.06.08 11:38:53 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-16.xml
[2010.11.01 22:19:14 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-2.xml
[2010.11.01 22:20:42 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-3.xml
[2010.12.11 18:01:57 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-4.xml
[2011.01.08 18:23:49 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-5.xml
[2011.03.06 02:25:24 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-6.xml
[2011.03.27 18:56:49 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-7.xml
[2011.04.29 19:20:07 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-8.xml
[2011.06.24 17:30:53 | 000,000,950 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin-9.xml
[2010.09.17 08:49:44 | 000,001,056 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\icqplugin.xml
[2012.01.30 21:51:52 | 000,002,519 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\Search_Results.xml
[2011.04.04 22:01:20 | 000,001,330 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Mozilla\Firefox\Profiles\s8f7kfga.default\searchplugins\wikipedia-en.xml
[2012.06.08 11:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.27 21:21:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.11 14:45:18 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DR. SCHLECHT\APPDATA\ROAMING\13001.022
[2012.06.17 11:31:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.17 11:31:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 18:59:41 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.17 11:31:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 11:31:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 11:31:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.30 21:51:52 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.17 11:31:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 11:31:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [scuti] C:\Users\Dr. Schlecht\AppData\Roaming\scuti.dll (Crytek)
O4 - Startup: C:\Users\Dr. Schlecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2158599A-FF92-47F4-B7F3-A3617E6BEF72}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{619273B4-542A-467D-B32D-8F13E3A756FE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5c09a89a-b916-11df-a674-00262dabfd7d}\Shell - "" = AutoRun
O33 - MountPoints2\{5c09a89a-b916-11df-a674-00262dabfd7d}\Shell\AutoRun\command - "" = E:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{5c09a89a-b916-11df-a674-00262dabfd7d}\Shell\instDX\command - "" = E:\directX\dxsetup.exe
O33 - MountPoints2\{5c09a89a-b916-11df-a674-00262dabfd7d}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{5c09a89c-b916-11df-a674-00262dabfd7d}\Shell - "" = AutoRun
O33 - MountPoints2\{5c09a89c-b916-11df-a674-00262dabfd7d}\Shell\AutoRun\command - "" = F:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{5c09a89c-b916-11df-a674-00262dabfd7d}\Shell\instDX\command - "" = F:\directX\dxsetup.exe
O33 - MountPoints2\{5c09a89c-b916-11df-a674-00262dabfd7d}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.30 18:07:12 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Dr. Schlecht\Desktop\OTL.exe
[2012.07.29 15:52:24 | 000,142,848 | ---- | C] (Crytek) -- C:\Users\Dr. Schlecht\AppData\Roaming\scuti.dll
[2012.07.27 23:22:21 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\Leyf
[2012.07.27 16:21:43 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Local\ElevatedDiagnostics
[2012.07.26 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\Malwarebytes
[2012.07.26 13:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 13:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.26 13:49:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.26 13:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.26 13:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\tzbhrierjtmlgkd
[2012.07.12 13:33:35 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\xq3nfswvxyaewqxqpgigisvfldgfhwtm
[2012.07.12 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\xrswpvtwcffzjoincqtjdqrmr2tv3biq
[2012.07.11 16:38:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.07.11 14:45:18 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.022
[2012.07.10 15:24:06 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.021
[2012.07.09 14:21:07 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\UAs
[2012.07.09 13:07:41 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.020
[2012.07.08 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.019
[2012.07.07 17:26:18 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.018
[2012.07.06 16:17:28 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.017
[2012.07.06 05:10:01 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.016
[2012.07.06 05:09:37 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\xmldm
[2012.07.06 05:09:36 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\kock
[2012.07.05 23:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.05 23:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.05 13:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.07.05 13:41:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.07.03 17:52:43 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\Help
[2012.07.03 17:48:30 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\TeamViewer
[2012.07.03 17:48:30 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\Opera
[2012.07.03 14:08:31 | 000,000,000 | ---D | C] -- C:\Users\Dr. Schlecht\AppData\Roaming\Avira
[2012.07.02 17:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2009.10.29 07:58:47 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Dr. Schlecht\AppData\Roaming\*.tmp files -> C:\Users\Dr. Schlecht\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.30 18:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 18:20:18 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 18:20:18 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 18:13:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.30 18:12:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 18:12:48 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.30 18:11:44 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.30 18:07:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dr. Schlecht\Desktop\OTL.exe
[2012.07.30 17:57:29 | 000,000,020 | ---- | M] () -- C:\Users\Dr. Schlecht\defogger_reenable
[2012.07.30 16:27:57 | 000,001,899 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.29 15:52:23 | 000,142,848 | ---- | M] (Crytek) -- C:\Users\Dr. Schlecht\AppData\Roaming\scuti.dll
[2012.07.26 13:58:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 13:30:17 | 000,000,000 | -H-- | M] () -- C:\Users\Dr. Schlecht\Documents\Default.rdp
[2012.07.26 13:04:44 | 000,000,051 | ---- | M] () -- C:\ProgramData\arxygjcwfkvmfhh
[2012.07.26 11:58:47 | 000,003,356 | ---- | M] () -- C:\Users\Dr. Schlecht\Documents\cc_20120726_115843.reg
[2012.07.16 05:46:54 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 05:46:54 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 05:46:54 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 05:46:54 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 05:46:54 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.12 11:25:21 | 000,000,051 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\blckdom.res
[2012.07.12 01:30:51 | 000,007,849 | ---- | M] () -- C:\Users\Dr. Schlecht\Desktop\vwl-kiel.pdf
[2012.07.11 13:40:45 | 000,000,206 | ---- | M] () -- C:\Users\Dr. Schlecht\Documents\cc_20120711_134041.reg
[2012.07.11 03:24:23 | 000,366,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 23:30:31 | 000,001,328 | ---- | M] () -- C:\Users\Dr. Schlecht\Documents\cc_20120710_233024.reg
[2012.07.10 14:36:18 | 000,000,512 | ---- | M] () -- C:\Users\Dr. Schlecht\Documents\cc_20120710_143614.reg
[2012.07.09 21:53:39 | 000,000,025 | ---- | M] () -- C:\Users\Dr. Schlecht\AppData\Roaming\urhtps.dat
[2012.07.07 17:44:30 | 000,007,708 | ---- | M] () -- C:\Users\Dr. Schlecht\Documents\cc_20120707_174425.reg
[2012.07.05 23:50:18 | 000,289,072 | ---- | M] () -- C:\Users\Dr. Schlecht\Documents\cc_20120705_234958.reg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 07:22:41 | 010,032,326 | ---- | M] () -- C:\Users\Dr. Schlecht\Desktop\MOV_0322.mp4
[1 C:\Users\Dr. Schlecht\AppData\Roaming\*.tmp files -> C:\Users\Dr. Schlecht\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.30 17:57:28 | 000,000,020 | ---- | C] () -- C:\Users\Dr. Schlecht\defogger_reenable
[2012.07.30 16:27:57 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.30 16:27:57 | 000,001,899 | ---- | C] () -- C:\Users\Dr. Schlecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.26 13:49:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 13:30:17 | 000,000,000 | -H-- | C] () -- C:\Users\Dr. Schlecht\Documents\Default.rdp
[2012.07.26 13:04:36 | 000,000,051 | ---- | C] () -- C:\ProgramData\arxygjcwfkvmfhh
[2012.07.26 12:43:01 | 000,023,040 | ---- | C] () -- C:\Users\Dr. Schlecht\AppData\Local\{166ab7b6-4e68-97a3-e003-8929db1c84ae}\U\800000cb.@
[2012.07.26 12:34:07 | 000,001,712 | ---- | C] () -- C:\Users\Dr. Schlecht\AppData\Local\{166ab7b6-4e68-97a3-e003-8929db1c84ae}\U\00000001.@
[2012.07.26 11:58:45 | 000,003,356 | ---- | C] () -- C:\Users\Dr. Schlecht\Documents\cc_20120726_115843.reg
[2012.07.12 03:11:27 | 000,007,849 | ---- | C] () -- C:\Users\Dr. Schlecht\Desktop\vwl-kiel.pdf
[2012.07.11 13:40:43 | 000,000,206 | ---- | C] () -- C:\Users\Dr. Schlecht\Documents\cc_20120711_134041.reg
[2012.07.10 23:30:27 | 000,001,328 | ---- | C] () -- C:\Users\Dr. Schlecht\Documents\cc_20120710_233024.reg
[2012.07.10 14:36:16 | 000,000,512 | ---- | C] () -- C:\Users\Dr. Schlecht\Documents\cc_20120710_143614.reg
[2012.07.07 18:06:59 | 000,000,025 | ---- | C] () -- C:\Users\Dr. Schlecht\AppData\Roaming\urhtps.dat
[2012.07.07 17:44:28 | 000,007,708 | ---- | C] () -- C:\Users\Dr. Schlecht\Documents\cc_20120707_174425.reg
[2012.07.06 05:09:49 | 000,000,051 | ---- | C] () -- C:\Users\Dr. Schlecht\AppData\Roaming\blckdom.res
[2012.07.05 23:50:03 | 000,289,072 | ---- | C] () -- C:\Users\Dr. Schlecht\Documents\cc_20120705_234958.reg
[2012.07.01 07:22:39 | 010,032,326 | ---- | C] () -- C:\Users\Dr. Schlecht\Desktop\MOV_0322.mp4
[2012.01.30 21:52:05 | 000,002,048 | -HS- | C] () -- C:\Users\Dr. Schlecht\AppData\Local\{166ab7b6-4e68-97a3-e003-8929db1c84ae}\@
[2010.11.10 14:53:20 | 000,000,124 | ---- | C] () -- C:\Users\Dr. Schlecht\AppData\Roaming\wklnhst.dat
[2010.08.11 00:51:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2010.09.08 18:14:42 | 000,000,000 | -HSD | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\.#
[2011.08.09 22:30:57 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\.minecraft
[2012.07.06 05:10:01 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.016
[2012.07.06 16:17:28 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.017
[2012.07.07 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.018
[2012.07.08 14:13:19 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.019
[2012.07.09 13:07:41 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.020
[2012.07.10 15:24:06 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.021
[2012.07.11 14:45:18 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\13001.022
[2012.06.08 18:59:35 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\Babylon
[2012.06.08 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\BabylonToolbar
[2011.04.22 14:57:25 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\Canon
[2012.07.05 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\DAEMON Tools Lite
[2010.09.08 18:13:55 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\GameConsole
[2012.07.26 11:53:54 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\ICQ
[2012.07.06 05:09:36 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\kock
[2012.07.27 23:22:35 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\Leyf
[2011.01.03 16:12:13 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\OpenOffice.org
[2012.07.03 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\Opera
[2012.07.28 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\PowerCinema
[2012.07.28 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\SoftDMA
[2012.07.03 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\TeamViewer
[2010.11.10 14:53:21 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\Template
[2012.07.05 23:48:32 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\TS3Client
[2012.07.26 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\UAs
[2012.07.26 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\xmldm
[2012.07.26 12:29:08 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\xq3nfswvxyaewqxqpgigisvfldgfhwtm
[2012.07.26 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\Dr. Schlecht\AppData\Roaming\xrswpvtwcffzjoincqtjdqrmr2tv3biq
[2012.07.17 14:22:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F

< End of report >

--- --- ---

defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:57 on 30/07/2012 (Dr. Schlecht)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

ein malwarebytes-bericht und extras sind dem beitrag als anhang hinzugefügt.

einen weiteren malwarebytes-bericht und der java-cache, kommen gleich nach.

gruß, jogi

jogi1988 · 30.07.2012, 18:13

java-cache ist mittlerweile hochgeladen, allerdings weiß ich nicht, wie ich darauf zugreifen kann.

lg,jogi

markusg · 30.07.2012, 18:26

danke nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?

jogi1988 · 30.07.2012, 18:53

nein, soweit nicht... nur für facebook, mail, etc...nichts kostenpflichtiges.
bei 1 amazon bestellung habe ich den bestellstatus abgefragt, allerdings nicht die bestellung aufgegeben, oder bankdaten eingetippt.

passwörter aller accounts werde ich dann nach entfernung der viren, ggf systemneuaufsetzung, erneuern.

bis dato noch weitere instruktionen? :>

danke soweit

jogi

hier noch der neue malwarebytes-bericht... die funde vom alten malwarebytes-bericht sind in quarantäne verschoben worden!!!

lg, jogi

jogi1988 · 01.08.2012, 14:37

hm... die benutzung des computer wird immer eingeschränkter... bin leider auf ihn angewiesen, da ich fürs studium recherchieren muss... kenne mich auch nicht gut genug mit computern, bzw mit virenbekämpfung aus, um das ganze selbst aktiver in die hand zu nehmen... fühle mich etwas vergessen, da das forum ja ansonsten sehr belebt ist...

wäre für hilfe sehr dankbar

lg, jogi

zusätzlich gibt es folgende meldungen, beim start des computers:

Problem beim Starten von C:\DR28DB~1.SCH\AppData\Local\Temp\deo0_sar.exe
Das angegebene Modul wurde nicht gefunden.

Problem beim Starten von C:\Users\Dr.Schlecht\AppData\Roaming\scuti.dll
Zugriff verweigert

lg, jogi

markusg · 01.08.2012, 18:50

hi
du hast ein rootkit + banking trojaner, weswegen du neu aufsetzen solltest:
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

jogi1988 · 01.08.2012, 19:42

alles klar... dann werd ich mich da mal ran machen... danke !!!

bezüglich dem sichern der daten... ich hab ne 500er externe, allerdings war da auch mal n virus drauf und es kommt häufiger mal die fehlermeldung jamaican.??? wurde nicht gefunden...

markusg · 02.08.2012, 17:00

kannst du die platte formatieren?

jogi1988 · 02.08.2012, 17:22

naja, sind eigentlich daten drauf, die nicht alle entbehrlich sind.

hab das thema hier auch schon angesprochen:

http://www.trojaner-board.de/121029-...tml#post881194

lg, jogi

markusg · 02.08.2012, 19:31

dann kopiere runter, was du brauchst formatiere sie und kopiere unter linux alles zurüc

02.08.2012, 17:00	#10
markusg /// Malware-holic	GVU-Trojaner, Live-Security-Platinum und bestimmt noch einiges mehr... :( kannst du die platte formatieren? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

GVU-Trojaner, Live-Security-Platinum und bestimmt noch einiges mehr... :(

Log-Analyse und Auswertung: GVU-Trojaner, Live-Security-Platinum und bestimmt noch einiges mehr... :(