GVU-Trojaner auf meinem Laptop

TGB87 · 16.09.2012, 08:57

Hallo zusammen,

schon seit längerem habe ich den GVU-Trojaner auf meinem Laptop. Fing ihn mir ein als ich einen Film streamen wollte, den ich in der google-suche gesucht habe. Habe einen x-beliebigen Link angeklickt und schon war er da.
Als ich meinen Laptop dann mal ohne Internetverbindung (fern ab von meinem Router) hochfuhr, hatte ich wieder zugriff und konnte mit dem Luke Filewalker (Avira) eine Systemüberprüfung durchführen. Diese hat mir dann auch etwas angezeigt, ich löschte es und dachte das Problem sei behoben. (Naiv wie ich jetzt weiß). Nun erhalte ich, wenn ich meinen Laptop starte zu Beginn immer eine Fehlermeldung das ein Modul nicht gefunden werden kann (c:\users\Tim\AppData\Local\Temp\fe0_zip.exe). Habe die ersten Schritte bereits durchgeführt und an diesen Beitrag angehangen.
Bin jetzt erst dazu gekommen, da ich, als ich, Dateinen auf eine externe Festplatte kopieren wollte Probleme hatte und glaube das es an besagtem Trojaner liegt. Kann das sein???

Ich bedanke mich schonmal herzlich bei Euch im voraus und hoffe hier eine Lösung für mein Problem zu finden!!!

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.09.2012 20:58:58 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Tim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 64,10% Memory free
6,08 Gb Paging File | 4,95 Gb Available in Paging File | 81,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 36,56 Gb Free Space | 32,81% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.15 20:51:18 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.10 20:02:56 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.07.02 04:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008.06.11 11:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 18:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.04.28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.18 09:41:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.18 09:38:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.18 09:37:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 13:38:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 03:55:43 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 03:52:40 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 03:52:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.06.11 11:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.05.14 18:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.04.28 10:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008.02.05 17:32:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.02.05 17:32:07 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.02.05 17:32:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\usb3jrcv.sys -- (usb3jrcv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.05.09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_7730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0CA48AA3-0831-4924-940A-B9BE5A4242FF}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{514B8DFF-4823-46C0-8396-3E1D123EBF3E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{92762EF5-0E23-4366-A6BA-1D1AE3D26D4C}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{C4E6FEF1-2855-4012-8907-5A90847CED85}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKCU\..\SearchScopes\{D81CF5C3-0D0B-4CF8-93AA-FC8EAAF70C93}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.12 20:12:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.12 20:12:25 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://startsear.ch/?aff=1
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92ECCD73-3691-41A6-8106-001219538A6A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C57539-2EA8-41B6-BAE9-091C9ADFD946}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e7ce5471-d877-11de-8b7f-00238b376914}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 20:50:39 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.09.15 14:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin
[2012.09.07 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play65
[2012.09.07 19:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Play65
[2012.09.07 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Play65
[2012.09.07 19:01:33 | 000,261,224 | ---- | C] (Play65) -- C:\Users\Tim\Desktop\InstallPlay65.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.15 20:51:18 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.09.15 20:49:04 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2012.09.15 20:47:35 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.09.15 20:36:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.15 19:08:17 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 19:08:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 19:08:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 19:08:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2012.09.15 19:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 19:07:48 | 3144,589,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 17:02:51 | 000,093,696 | ---- | M] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.15 16:48:40 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012.09.15 14:02:12 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012.09.15 14:01:36 | 000,911,295 | ---- | M] () -- C:\Users\Tim\Desktop\AntiTwin_Setup.exe
[2012.09.15 13:56:36 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.15 13:56:36 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.15 13:56:36 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.15 13:56:36 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 19:05:38 | 000,000,851 | ---- | M] () -- C:\Users\Tim\Desktop\Play65.lnk
[2012.09.07 19:01:34 | 000,261,224 | ---- | M] (Play65) -- C:\Users\Tim\Desktop\InstallPlay65.exe
[2012.08.19 11:00:15 | 000,300,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.15 20:49:04 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.09.15 20:47:34 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.09.15 14:02:13 | 000,000,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk
[2012.09.15 14:02:12 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012.09.15 14:01:35 | 000,911,295 | ---- | C] () -- C:\Users\Tim\Desktop\AntiTwin_Setup.exe
[2012.09.07 19:05:38 | 000,000,851 | ---- | C] () -- C:\Users\Tim\Desktop\Play65.lnk
[2012.07.23 15:29:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.06.02 15:27:41 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2011.08.12 16:24:23 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009.03.13 11:54:19 | 022,102,584 | ---- | C] () -- C:\Program Files\antivir_workstation_winu_de_h337.exe
[2009.01.12 18:46:47 | 000,000,680 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2009.01.10 20:57:46 | 000,093,696 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2009.01.15 20:43:40 | 000,000,000 | -HSD | M] -- C:\Users\Tim\AppData\Roaming\.#
[2010.10.22 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Absolute Poker
[2008.02.05 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Acer GameZone Console
[2009.01.15 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Big Fish Games
[2009.01.11 02:30:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\eSobi
[2010.03.30 01:54:14 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Gaijin Ent
[2011.04.10 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ICQ
[2009.10.13 19:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LG Electronics
[2009.09.20 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LGSync
[2012.07.09 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nokia
[2012.07.09 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nokia Ovi Suite
[2012.02.18 14:41:45 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PacificPoker
[2011.02.16 14:06:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PC Suite
[2010.04.16 13:04:34 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Uniblue
[2009.01.12 18:49:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Vodafone
[2012.09.15 19:08:06 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\RegistryDoktor.job
[2012.09.15 17:17:22 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9E22BBE8

< End of report >

--- --- ---

t'john · 16.09.2012, 17:04

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
PRC - [2009.01.10 20:02:56 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe 
IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}: "URL" = http://startsear.ch/?aff=1&q={searchTerms} 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found 
IE - HKCU\..\SearchScopes,DefaultScope = {2EB715F0-9BA0-444F-A8B4-9E0886E24F6C} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0CA48AA3-0831-4924-940A-B9BE5A4242FF}: "URL" = http://go.web.de/suchbox/ebay?query={searchTerms} 
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE 
IE - HKCU\..\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}: "URL" = http://startsear.ch/?aff=1&q={searchTerms} 
IE - HKCU\..\SearchScopes\{514B8DFF-4823-46C0-8396-3E1D123EBF3E}: "URL" = http://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://go.web.de/suchbox/google?q={searchTerms} 
IE - HKCU\..\SearchScopes\{92762EF5-0E23-4366-A6BA-1D1AE3D26D4C}: "URL" = http://go.web.de/suchbox/amazon/?keywords={searchTerms} 
IE - HKCU\..\SearchScopes\{C4E6FEF1-2855-4012-8907-5A90847CED85}: "URL" = http://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich 
IE - HKCU\..\SearchScopes\{D81CF5C3-0D0B-4CF8-93AA-FC8EAAF70C93}: "URL" = http://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) 
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found 
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) 
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found 
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found 
O4 - HKLM..\Run: [NWEReboot] File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found 
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () 
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) 
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe 
O33 - MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe 
O33 - MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe 
O33 - MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe 
O33 - MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = G:\setup.exe 
O33 - MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe 
O33 - MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe 
O33 - MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun 
O33 - MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{e7ce5471-d877-11de-8b7f-00238b376914}\Shell\AutoRun\command - "" = F:\Menu.exe 
[2012.07.23 15:29:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FC420CE6 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FEBEC560 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E36F5B57 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9F683177 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:193426B4 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:B623B5B8 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:861A898F 
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:4BB26BE9 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:9E22BBE8 
[2012.09.15 19:08:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.09.15 19:08:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.09.15 19:08:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job 

[2009.01.15 20:43:40 | 000,000,000 | -HSD | M] -- C:\Users\Tim\AppData\Roaming\.# 
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Tim\*.tmp
C:\Users\Tim\AppData\Local\{*}
C:\Users\Tim\AppData\Local\Temp\*.exe
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

4. Schritt

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

TGB87 · 16.09.2012, 21:44

Hallo,

hier die 4 Logdateien. Hoffe sie sin soweit richtig.

Viele Dank. Habe das Gefühl der Laptop läuft schon besser.

All processes killed
========== OTL ==========
No active process named RtkBtMnt.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CA48AA3-0831-4924-940A-B9BE5A4242FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CA48AA3-0831-4924-940A-B9BE5A4242FF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{514B8DFF-4823-46C0-8396-3E1D123EBF3E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{514B8DFF-4823-46C0-8396-3E1D123EBF3E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92762EF5-0E23-4366-A6BA-1D1AE3D26D4C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92762EF5-0E23-4366-A6BA-1D1AE3D26D4C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4E6FEF1-2855-4012-8907-5A90847CED85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4E6FEF1-2855-4012-8907-5A90847CED85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D81CF5C3-0D0B-4CF8-93AA-FC8EAAF70C93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D81CF5C3-0D0B-4CF8-93AA-FC8EAAF70C93}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
C:\Programs\PartyGaming\PartyPoker\RunApp.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File C:\Programs\PartyGaming\PartyPoker\RunApp.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08707553-0ef7-11de-83ec-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08707553-0ef7-11de-83ec-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08707587-0ef7-11de-83ec-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08707587-0ef7-11de-83ec-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08707591-0ef7-11de-83ec-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08707591-0ef7-11de-83ec-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087075c6-0ef7-11de-83ec-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087075c6-0ef7-11de-83ec-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1fda5aff-e266-11dd-ab38-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1fda5aff-e266-11dd-ab38-00238b376914}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1fda5b01-e266-11dd-ab38-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1fda5b01-e266-11dd-ab38-00238b376914}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e04dd9a-0f01-11de-b8c3-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e04dd9a-0f01-11de-b8c3-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e04dddd-0f01-11de-b8c3-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e04dddd-0f01-11de-b8c3-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36d361a5-e0c0-11dd-aa46-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36d361a5-e0c0-11dd-aa46-00238b376914}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a352f09-e0ca-11dd-a9e1-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a352f09-e0ca-11dd-a9e1-00238b376914}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a352f18-e0ca-11dd-a9e1-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a352f18-e0ca-11dd-a9e1-00238b376914}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a352f20-e0ca-11dd-a9e1-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a352f20-e0ca-11dd-a9e1-00238b376914}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b1f70fd-0f27-11de-bd85-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b1f70fd-0f27-11de-bd85-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b1f7101-0f27-11de-bd85-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b1f7101-0f27-11de-bd85-00238b376914}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b298231c-0e51-11de-b6c9-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b298231c-0e51-11de-b6c9-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2982356-0e51-11de-b6c9-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2982356-0e51-11de-b6c9-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5b7ab40-117a-11de-b4d2-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5b7ab40-117a-11de-b4d2-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5b7ab41-117a-11de-b4d2-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5b7ab41-117a-11de-b4d2-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d74167de-0e58-11de-8fa2-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d74167de-0e58-11de-8fa2-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d74167e6-0e58-11de-8fa2-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d74167e6-0e58-11de-8fa2-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d74167e8-0e58-11de-8fa2-00238b376914}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d74167e8-0e58-11de-8fa2-00238b376914}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7ce5471-d877-11de-8b7f-00238b376914}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7ce5471-d877-11de-8b7f-00238b376914}\ not found.
File F:\Menu.exe not found.
C:\ProgramData\piz_0ef.pad moved successfully.
ADS C:\ProgramData\Temp:FC420CE6 deleted successfully.
ADS C:\ProgramData\Temp:FEBEC560 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:9F683177 deleted successfully.
ADS C:\ProgramData\Temp:193426B4 deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:861A898F deleted successfully.
ADS C:\ProgramData\Temp:4BB26BE9 deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Tasks\RegistryDoktor.job moved successfully.
C:\Users\Tim\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\Tim\*.tmp not found.
C:\Users\Tim\AppData\Local\{DA6A30CA-2668-4F5F-93A5-9BDA19E3CCC4} folder moved successfully.
C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tim\Desktop\cmd.bat deleted successfully.
C:\Users\Tim\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: acer

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tim
->Temp folder emptied: 9853583 bytes
->Google Chrome cache emptied: 6274184 bytes
->Flash cache emptied: 61630 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3737 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15,00 mb

OTL by OldTimer - Version 3.2.61.5 log created on 09162012_191943

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.16.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [Administrator]

Schutz: Aktiviert

16.09.2012 20:01:18
mbam-log-2012-09-16 (20-01-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375672
Laufzeit: 2 Stunde(n), 12 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

# AdwCleaner v2.002 - Datei am 09/16/2012 um 22:19:25 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Tim - TIM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tim\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Users\Tim\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Tim\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Tim\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Tim\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{385D0FE8-D5D8-448B-8EDD-C63E6994CFD5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{385D0FE8-D5D8-448B-8EDD-C63E6994CFD5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{385D0FE8-D5D8-448B-8EDD-C63E6994CFD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E5197F95-6783-4931-ACC4-7521C7AD6C8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DVDVideoSoft
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5197F95-6783-4931-ACC4-7521C7AD6C8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKU\S-1-5-21-1025877260-1875166848-722062197-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.31] : homepage = "hxxp://startsear.ch/?aff=1",

*************************

AdwCleaner[R1].txt - [5765 octets] - [16/09/2012 22:19:25]

########## EOF - C:\AdwCleaner[R1].txt - [5825 octets] ##########

# AdwCleaner v2.002 - Datei am 09/16/2012 um 22:22:09 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Tim - TIM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tim\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Tim\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Tim\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Tim\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Tim\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{385D0FE8-D5D8-448B-8EDD-C63E6994CFD5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{385D0FE8-D5D8-448B-8EDD-C63E6994CFD5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{385D0FE8-D5D8-448B-8EDD-C63E6994CFD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5197F95-6783-4931-ACC4-7521C7AD6C8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoft
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5197F95-6783-4931-ACC4-7521C7AD6C8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\SweetIm

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.31] : homepage = "hxxp://startsear.ch/?aff=1",

*************************

AdwCleaner[R1].txt - [5894 octets] - [16/09/2012 22:19:25]
AdwCleaner[S1].txt - [5502 octets] - [16/09/2012 22:22:09]

########## EOF - C:\AdwCleaner[S1].txt - [5562 octets] ##########

Nochmals

für die schnelle und unkomplizierte Hilfe!!!

MFG TGB87

t'john · 18.09.2012, 02:13

Sehr gut!

Wie laeuft der Rechner?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

TGB87 · 19.09.2012, 18:00

Hallo,

der Rechner läuft auf jeden Fall besser als vorher

!!!

Ich hoffe das er jetzt auch besser mit meiner externen Festplatte kooperiert.
Falls das nicht der Fall sein sollte, kann mir hier ein bestimmtes subforum empfohlen werden? Sodass ich dort dann ein neues Thema erstellen kann.

Was ist mit der gesammelten Software die ich für diese ganze Aktion heruntergeladen habe? Kann ich diese wieder deinstallieren? Ich gehe einfach mal davon aus mir so schnell nichts mehr einzufangen, da sich das mit dem streamen für mich vorerst mal erledigt hat.

Eine Frage noch: welches ist Eurer Meinung nach das Beste Internet-Sicherheitsprogramm? Habe seit eh und je Avira.

Danke für Rat und Tat + die super unkomplizierte zusammenarbeit.

!!!!!
Es ergab sich folgendes Problem:
-Habe nach dem Scan (beim ersten und zweiten Mal) das Programm nicht korrekt schließen können.
-Als ich auf in Quarantäne verschieben klickte, reagierte das Programm nach wenigen Sekunden nicht mehr und ich konnte mir keinen Bericht anzeigen lassen(erster Versuch).
-Nun beim zweiten Versuch ist das gleiche Phänomen aufgetreten, nur das ich nun den Bericht einsehen konnte und dabei feststellte das beim ersten Versuch auch ein Bericht erstellt worden ist.
-ferner habe ich zwei verschiedene Ergebnisse erhalten.
-Also habe ich nun beide Berichte hier eingefügt.
!!!!!
Hier die beiden Emisoft-Berichte:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 18.09.2012 22:09:18

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 18.09.2012 22:09:58

c:\program files\pacificpoker gefunden: Trace.File.pacific poker!E1
c:\users\tim\appdata\roaming\microsoft\windows\start menu\programs\partypoker gefunden: Trace.File.partypoker!E1
c:\program files\pacificpoker\ gefunden: Trace.File.pacificpoker!E1
c:\users\tim\appdata\roaming\pacificpoker\ gefunden: Trace.File.pacificpoker!E1
c:\program files\pacificpoker\processlist.txt gefunden: Trace.File.pacific poker!E1
c:\program files\pacificpoker\install.log gefunden: Trace.File.pacific poker!E1
c:\program files\pacificpoker\pv.exe gefunden: Trace.File.pacific poker!E1
c:\program files\pacificpoker\listproc.exe gefunden: Trace.File.pacific poker!E1
c:\users\tim\appdata\roaming\microsoft\internet explorer\quick launch\partypoker.lnk gefunden: Trace.File.partypoker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> ip gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_not_response gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> mediapath gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> serial gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> test_data gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> curr_ver gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> s_ip gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> upd_flag gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_timeout gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_elapse gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pokerinstaller --> fullpath gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pokerinstaller --> installer_guid gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pokerinstaller --> url_casino_2 gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> ip1 gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> upd_ver gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 2 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 4 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 5 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 6 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 7 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 9 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> apppath gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> blackjacksounds gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> enablecongratulations gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> id gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> initialport gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> installstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> mucklosinghand gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> sl gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> tabletype gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> usecount gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> autologintoothergames gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> oldcfformat gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayicon gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayname gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayversion gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installdate gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installlocation gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsource gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsourcefile gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> publisher gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> silentsettings gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> uninstallstring gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 1 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 10 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> upg_date gefunden: Trace.Registry.pacific poker!E1
Key: hkey_current_user\software\pacificpoker gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\casinopoker\casino\sdl gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker\init gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker\sdl gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pokerinstaller gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\casinopoker\casino\init gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\casinopoker gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\casinopoker\casino gefunden: Trace.Registry.pacificpoker!E1

Gescannt 620722
Gefunden 67

Scan Ende: 18.09.2012 23:53:55
Scan Zeit: 1:43:57

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 19.09.2012 16:15:33

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 19.09.2012 16:16:43

c:\users\tim\appdata\roaming\microsoft\windows\start menu\programs\partypoker gefunden: Trace.File.partypoker!E1
c:\users\tim\appdata\roaming\pacificpoker\ gefunden: Trace.File.pacificpoker!E1
c:\users\tim\appdata\roaming\microsoft\internet explorer\quick launch\partypoker.lnk gefunden: Trace.File.partypoker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> ip gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_not_response gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_timeout gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> reconnection_elapse gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> test_data gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> curr_ver gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> s_ip gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> upd_flag gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> upd_ver gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pacificpoker\poker\sdl --> upg_date gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pokerinstaller --> fullpath gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pokerinstaller --> installer_guid gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pokerinstaller --> url_casino_2 gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 1 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 10 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 2 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 4 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 5 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 6 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> serial gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 9 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> mediapath gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 7 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> blackjacksounds gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> enablecongratulations gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> id gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> initialport gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> mucklosinghand gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> sl gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> tabletype gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> apppath gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> autologintoothergames gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> oldcfformat gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> installstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> usecount gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\pacificpoker\poker\init --> ip1 gefunden: Trace.Registry.pacific poker!E1
Key: hkey_current_user\software\pacificpoker gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\casinopoker\casino\sdl gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\casinopoker\casino gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\casinopoker\casino\init gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker\sdl gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pokerinstaller gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker\init gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\casinopoker gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker gefunden: Trace.Registry.pacificpoker!E1

Gescannt 618832
Gefunden 51

Scan Ende: 19.09.2012 17:38:31
Scan Zeit: 1:21:48

Vielen, vielen DANK!!!

t'john · 19.09.2012, 18:11

Sehr gut!

Lasse die Funde in Quarantaene verschieben, dann:

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

TGB87 · 19.09.2012, 22:13

Hi,

hier die Eset Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=09b1311e7b72044bb1b702da0c69dd81
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-19 09:07:46
# local_time=2012-09-19 11:07:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 4513677 4513677 0 0
# compatibility_mode=5892 16776574 100 100 4521775 185612530 0 0
# compatibility_mode=8192 67108863 100 0 333 333 0 0
# scanned=190883
# found=0
# cleaned=0
# scan_time=9064

Bedankt, bedankt!!!

t'john · 21.09.2012, 12:05

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

TGB87 · 21.09.2012, 16:44

Hi,

Nummer 1:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Internet Explorer 9.0 ist aktuell

Flash 10,1,53,64 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java (1,7,0,7) ist aktuell.

Adobe Reader 8,2,6,0 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 10,1,3

Zurück

Tools:

StartSeite
PluginCheck
Secunia Online Scan

Weiterführendes:

Java Updaten und Einstellen

Secunia Personal Software Inspector (PSI)

Family:

TR/Agent

Nummer 2:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Internet Explorer 9.0 ist aktuell

Flash 10,1,53,64 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 8,2,6,0 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 10,1,3

Zurück

Tools:

StartSeite
PluginCheck
Secunia Online Scan

Weiterführendes:

Java Updaten und Einstellen

Secunia Personal Software Inspector (PSI)

Family:

TR/Agent

Danke schön!!!

t'john · 22.09.2012, 20:34

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

GVU-Trojaner auf meinem Laptop

Log-Analyse und Auswertung: GVU-Trojaner auf meinem Laptop