
Topic: Firefox redirects Google search results

  1. #1
    Beginner
    Registered since
    29.05.2011
    Posts
    14

    Firefox redirects Google search results

    Hello everyone,

    I'm brand new to the forum and need your help, since it seems you really know your stuff.

    The problems are as follows:

    1. When I click on the results of a Google search in my "Firefox 4", I get forwarded/redirected to an ad page, to Ask.com, or back to my start page.
    The same thing happens in Internet Explorer 9.
    At the bottom left it says that Firefox is waiting for sites such as "searchfate.com", "searchhap.*" or "Searchlookin.com".
    As a test I subsequently installed "Google Chrome" to see whether this problem also occurs with a freshly installed browser, which was not the case.
    That leads me to conclude that this malware (or hijacker) only takes hold in FF and IE, or else has no influence on new files.

    2. Another unpleasant side effect is that my Windows Firewall is no longer active and cannot be switched on manually. (It only spits out "Einige Einstellungen können von der Windows-Firewall nicht geändert werden. Fehlercode 0x8007042c")
    Could it be that it is being knocked out by anti-spyware and anti-malware tools? (In an act of desperation I have slapped Ad-Aware, SUPERAntiSpyware, Malwarebytes Anti Malware and OTL onto my system.)

    Here is my HijackThis log file:

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 00:14:43, on 30.05.2011
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
    C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
    C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
    C:\Users\Sacknase-Klaus\Downloads\OTL.exe
    C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sacknase-Klaus\Downloads\HiJackThis204.exe
    C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
    R3 - URLSearchHook: (no name) -  - (no file)
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (file missing)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
    O4 - HKLM\..\Run: [UIExec] "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Sacknase-Klaus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
    O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: CLHNService - Unknown owner - C:\Users\Sacknase-Klaus\Desktop\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (file missing)
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
    O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 12997 bytes

    Thanks in advance for your efforts.

    Regards
    Ghost aka malware and hijacker hater
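
Added example (not part of the thread, and not code from HijackThis or the forum): a Python triage pass over HijackThis entry lines like those in the log posted above. It lists `(file missing)` / `(no file)` entries, separates the ones under `C:\Windows\System32` (HijackThis v2.0.4 is a 32-bit program, and on 64-bit Windows file-system redirection points it at SysWOW64, so those entries need rechecking rather than removal), and reports CLSIDs registered under more than one entry type. The function names and report keys are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from the post above (lines copied verbatim).
SAMPLE_LOG = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\Search Settings\SearchSettings.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# "R3 - ...", "O23 - ..." etc.; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Paths a 32-bit scanner sees through WOW64 file-system redirection.
SYSTEM32_RE = re.compile(r"[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line (section code, body, CLSID, missing flag)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group(1), m.group(2).strip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing": body.endswith(MISSING_MARKERS),
        })
    return entries


def triage(entries):
    """Group entries a reviewer should look at first; this flags, it does not judge."""
    report = {"recheck_wow64": [], "orphaned": [], "multi_hook": {}}
    codes_by_clsid = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            codes_by_clsid[e["clsid"]].add(e["code"])
        if e["missing"]:
            # System32 "missing" files are usually a redirection artefact on x64:
            # verify with a 64-bit tool before treating the entry as orphaned.
            key = "recheck_wow64" if SYSTEM32_RE.search(e["body"]) else "orphaned"
            report[key].append(e["body"])
    # Same CLSID under several entry types (e.g. search hook and BHO).
    report["multi_hook"] = {
        clsid: sorted(codes)
        for clsid, codes in codes_by_clsid.items()
        if len(codes) > 1
    }
    return report


if __name__ == "__main__":
    result = triage(parse_entries(SAMPLE_LOG))
    for section in ("orphaned", "recheck_wow64"):
        print(section)
        for body in result[section]:
            print("  ", body)
    print("multi_hook")
    for clsid, codes in result["multi_hook"].items():
        print("  ", clsid, codes)
```
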

  2. #2
    Moderator, team member Swisstreasure
    Registered since
    13.08.2009
    Location
    Switzerland
    Posts
    3.660

    Re: Firefox redirects Google search results

    Welcome to the HijackThis.de support forum,

    cleaning up a system can be laborious and may involve quite a bit of work for you.
    Please note the following points:
    • Respect our forum rules and don't be too impatient if it takes a little longer.
    • During the cleanup, connect all existing external storage media (USB sticks, hard drives),
    • and do not install or uninstall any programs without consulting us.
    • Download programs only from the links given in our instructions!
    • Post log files in code tags and anonymise personal data where necessary.
    • Work through each point in order and report that you have completed it.
    • If there is a problem, stop and describe it as precisely as possible.


    • Attention: The disappearance of the symptoms does not mean that your computer is already clean.
      Please keep working with us until we say that the computer is clean.
    • Only carry out instructions from a team member listed here.
    • As a rule, there is no support via PM or e-mail.
    • We do not clean computers that are used for business.
    • Possession of legal software is a prerequisite for support.
      Should we find illegal software, support will be discontinued.

    Vista and Win7 users:
    • Always run all programs and tools that we prescribe via right-click and Run as administrator.


    Step 1

    CustomScan with OTL

    If you don't already have it, please download OTL by Oldtimer and save it to your desktop
    • Please start OTL.exe.
      Vista and Win7 users: right-click and "Run as administrator"
    • Now copy this content into the text box.
    Code:
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Now please close all programs. (Important)
    • Now please click the Quick Scan button.
    • Now copy the contents of OTL.txt and Extra.txt here into your thread


    Step 2

    Rootkit search with Gmer

    What are rootkits?

    Important: For every rootkit scan:
    • First, following these instructions, deactivate any CD emulators that may be present, such as Alcohol, Daemon-Tools or similar.
    • All other programs against viruses, spyware, etc. should be deactivated,
    • there should be no connection to a network/the Internet (don't forget WLAN),
    • nothing should be done on the computer,
    • the computer should be restarted after every scan.
    • Don't forget to switch the security programs back on after the rootkit scan!


    Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
    • All other programs should be closed.
    • Start gmer.exe (it has a random program name).
    • Vista users: right-click and start as administrator.
    • Gmer automatically starts a first scan.
    • Should a window with the following warning open:
      Code:
      WARNING !!!
      GMER has found system modification, which might have been caused by ROOTKIT activity.
      Do you want to fully scan your system?
    • Be sure to click "No",
      and in that case use the Save button to save the result so far to the desktop as gmer_first.log.

    • If that was not the case, now select the "Rootkit/Malware" tab,
    • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
    • Important: "Show all" must not be ticked!
    • Start the scan by pressing the "Scan" button.
      Do nothing on the computer while the scan is running (the bottom left shows what is currently being scanned).
    • When the scan is finished, the line stays empty.
      Click "Save" and save the log file as gmer.log on the desktop.
      "Ok" closes Gmer.

    Switch your antivirus program and other scanners back on before you go online!

    Now post the log file in code tags.

  3. #3
    Beginner
    Registered since
    29.05.2011
    Posts
    14

    Re: Firefox redirects Google search results

    Thanks for the quick reply,

    I'll post step 1 for now:

    OTL.Txt

    Code:
    OTL logfile created on: 30.05.2011 09:42:18 - Run 3
    OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Sacknase-Klaus\Downloads
    64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,64% Memory free
    7,99 Gb Paging File | 6,16 Gb Available in Paging File | 77,08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 144,04 Gb Total Space | 11,69 Gb Free Space | 8,12% Space Free | Partition Type: NTFS
    Drive D: | 139,50 Gb Total Space | 33,49 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
     
    Computer Name: SACKNASEKLAUS | User Name: Sacknase-Klaus | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2011.05.29 22:45:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sacknase-Klaus\Downloads\OTL.exe
    PRC - [2011.04.27 17:35:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011.04.17 23:01:04 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011.03.25 19:37:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010.11.13 15:52:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
    PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
    PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    PRC - [2009.12.15 20:11:48 | 001,115,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009.11.20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2009.09.05 16:16:54 | 003,452,928 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
    PRC - [2009.09.05 16:16:52 | 003,622,912 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
    PRC - [2009.09.05 16:16:48 | 004,245,504 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
    PRC - [2009.09.05 16:16:40 | 003,407,360 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
    PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008.07.29 18:52:56 | 000,454,704 | ---- | M] (Egis inc.) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2011.05.29 22:45:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sacknase-Klaus\Downloads\OTL.exe
    MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009.07.14 03:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
    MOD - [2009.07.14 03:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
    MOD - [2009.07.14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - [2011.05.04 19:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010.08.26 14:40:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2010.08.19 18:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
    SRV:64bit: - [2010.07.25 00:13:40 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009.06.03 02:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
    SRV - [2011.04.27 17:35:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011.04.17 23:01:04 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2011.03.25 19:37:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011.03.15 19:46:05 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
    SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2010.09.04 17:53:31 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010.08.26 14:45:00 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010.08.26 14:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010.07.25 00:13:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009.09.05 16:16:54 | 003,452,928 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
    SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
    SRV - [2009.06.03 02:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
    SRV - [2008.08.19 15:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2010.11.29 14:27:29 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010.11.02 12:34:35 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010.11.02 12:34:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2010.07.25 16:02:25 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009.10.29 20:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV:64bit: - [2009.10.29 20:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV:64bit: - [2009.10.29 20:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV:64bit: - [2009.10.29 20:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
    DRV:64bit: - [2009.10.19 05:32:40 | 000,511,232 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerAF35.sys -- (AVerAF35)
    DRV:64bit: - [2009.09.15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009.08.23 06:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk)
    DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ)
    DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter)
    DRV:64bit: - [2008.05.07 18:48:10 | 000,126,864 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2008.05.02 10:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2008.05.02 10:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
    DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
    DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (6077757b)
    DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2008.08.19 15:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 E9 50 5E 7E 7E CB 01  [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.25 18:18:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.25 18:18:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.29 15:35:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2011.05.29 15:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sacknase-Klaus\AppData\Roaming\mozilla\Extensions
    [2011.05.29 22:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sacknase-Klaus\AppData\Roaming\mozilla\Firefox\Profiles\79714rqi.default\extensions
    [2011.05.29 15:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    File not found (No name found) -- 
    () (No name found) -- C:\USERS\SACKNASE-KLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\79714RQI.DEFAULT\EXTENSIONS\{C1970C0D-DBE6-4D91-804F-C9C0DE643A57}.XPI
    () (No name found) -- C:\USERS\SACKNASE-KLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\79714RQI.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
    () (No name found) -- C:\USERS\SACKNASE-KLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\79714RQI.DEFAULT\EXTENSIONS\REDIRECTCLEANER@EXAMPLE.NET.XPI
    [2011.04.14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
     
    O1 HOSTS File: ([2011.05.04 22:35:45 | 000,001,004 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 im.adtech.de
    O1 - Hosts: 127.0.0.1 adserver.adtech.de
    O1 - Hosts: 127.0.0.1 adtech.de
    O1 - Hosts: 127.0.0.1 atwola.com
    O1 - Hosts: 127.0.0.1 adserver.71i.de
    O1 - Hosts: 127.0.0.1 adicqserver.71i.de
    O1 - Hosts: 127.0.0.1 71i.de
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  File not found
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
    O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
    O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
    O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
    O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
    O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{70158ef3-82c7-11df-9afe-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{70158ef3-82c7-11df-9afe-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
    O33 - MountPoints2\{d1c86955-97f8-11df-a5c3-00a0d1a9b5a2}\Shell - "" = AutoRun
    O33 - MountPoints2\{d1c86955-97f8-11df-a5c3-00a0d1a9b5a2}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
    O33 - MountPoints2\{d1c86955-97f8-11df-a5c3-00a0d1a9b5a2}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011.05.29 22:58:51 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Neuer Ordner
    [2011.05.29 22:52:58 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011.05.29 15:57:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2011.05.29 15:57:06 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011.05.29 15:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Local\Sunbelt Software
    [2011.05.29 15:47:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
    [2011.05.29 15:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011.05.29 15:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2011.05.29 14:07:13 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011.05.29 12:55:00 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011.05.29 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\SUPERAntiSpyware.com
    [2011.05.29 12:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011.05.29 12:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011.05.29 12:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011.05.29 12:53:11 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
    [2011.05.29 05:19:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011.05.29 05:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011.05.29 05:19:50 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011.05.29 04:21:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011.05.29 04:21:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011.05.29 02:14:19 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Malwarebytes
    [2011.05.29 02:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011.05.29 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011.05.28 21:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
    [2011.05.28 21:31:31 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\VA-Future_Trance_Vol.56-2CD-2011-VOiCE
    [2011.05.28 21:17:18 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
    [2011.05.28 20:49:31 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Call Of Duty 4
    [2011.05.28 18:48:55 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Local\NFS Underground 2
    [2011.05.28 17:59:43 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\CD1
    [2011.05.28 17:02:39 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Lan
    [2011.05.27 18:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011.05.22 21:39:33 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Beta
    [2011.05.22 21:39:31 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\.minecraft
    [2011.05.21 02:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
    [2011.05.21 01:02:17 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Serdar
    [2011.05.12 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Rechnungen
    [2011.05.12 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
    [2011.05.12 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
    [2011.05.10 17:39:15 | 000,511,232 | ---- | C] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Windows\SysNative\drivers\AVerAF35.sys
    [2011.05.10 17:39:15 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
    [2011.05.10 17:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVerMedia
    [2011.05.08 21:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
    [2011.05.06 15:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    [2011.05.04 22:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
    [2011.05.04 22:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011.05.30 09:42:26 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.05.30 09:13:05 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.05.30 09:13:05 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.05.30 09:12:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011.05.30 09:12:52 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2011.05.30 09:12:52 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011.05.30 09:12:52 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2011.05.30 09:12:52 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011.05.30 09:12:13 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011.05.30 09:08:59 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
    [2011.05.30 09:08:57 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
    [2011.05.30 09:08:34 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
    [2011.05.30 09:08:27 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.05.30 09:07:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.05.30 09:07:54 | 3218,841,600 | -HS- | M] () -- C:\hiberfil.sys
    [2011.05.29 23:58:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000UA.job
    [2011.05.29 16:09:57 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2011.05.29 16:09:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2011.05.29 16:02:18 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011.05.29 16:02:18 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011.05.29 15:57:05 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011.05.29 15:35:24 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011.05.29 13:05:16 | 000,002,366 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Google Chrome.lnk
    [2011.05.29 12:57:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000Core.job
    [2011.05.29 12:53:22 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011.05.29 05:19:55 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.05.27 18:33:02 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2011.05.22 21:39:33 | 000,001,053 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Start Minecraft.lnk
    [2011.05.21 02:26:27 | 000,001,561 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Crysis 2.lnk
    [2011.05.17 16:42:45 | 001,375,888 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Ringtone.mp3
    [2011.05.13 15:21:58 | 000,000,622 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Mass Effect 2.lnk
    [2011.05.10 18:13:44 | 003,033,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011.05.08 22:04:19 | 000,002,277 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Far Cry COOP.lnk
    [2011.05.08 21:56:12 | 000,001,253 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk
    [2011.05.04 22:35:45 | 000,001,004 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011.05.04 22:29:02 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
    [2011.04.30 14:46:06 | 001,435,671 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0043.jpg
    [2011.04.30 14:45:37 | 001,087,983 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0044.jpg
    [2011.04.30 14:45:21 | 000,914,554 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0037.jpg
    [2011.04.30 14:43:54 | 004,576,548 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0010.3gp
    [2011.04.30 14:43:23 | 003,576,047 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0008.3gp
    [2011.04.30 14:42:59 | 000,939,404 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0027.jpg
    [2011.04.30 14:41:12 | 026,569,189 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0007.3gp
    [2011.04.30 14:38:14 | 007,060,236 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0006.3gp
    [2011.04.30 14:37:27 | 015,799,345 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0005.3gp
    [2011.04.30 14:35:04 | 026,405,190 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0004.3gp
    [2011.04.30 12:14:52 | 000,000,032 | -H-- | M] () -- C:\Users\Sacknase-Klaus\Documents\.picasa.ini
     
    ========== Files Created - No Company Name ==========
     
    [2011.05.30 09:08:34 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
    [2011.05.29 23:21:31 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011.05.29 16:02:18 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011.05.29 16:02:18 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011.05.29 16:00:25 | 000,001,443 | ---- | C] () -- C:\Users\Sacknase-Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011.05.29 16:00:25 | 000,001,409 | ---- | C] () -- C:\Users\Sacknase-Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011.05.29 15:35:24 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011.05.29 15:35:24 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011.05.29 12:55:04 | 000,002,366 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Google Chrome.lnk
    [2011.05.29 12:53:22 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011.05.29 12:53:00 | 000,001,156 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000UA.job
    [2011.05.29 12:52:59 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000Core.job
    [2011.05.29 05:19:55 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.05.27 18:33:02 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2011.05.22 21:39:33 | 000,001,053 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Start Minecraft Beta.lnk
    [2011.05.21 02:26:27 | 000,001,561 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Crysis 2.lnk
    [2011.05.17 16:42:22 | 001,375,888 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Ringtone.mp3
    [2011.05.13 15:21:58 | 000,000,622 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Mass Effect 2.lnk
    [2011.05.08 21:56:12 | 000,001,253 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk
    [2011.05.04 22:29:02 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
    [2011.04.30 14:45:55 | 001,435,671 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0043.jpg
    [2011.04.30 14:45:30 | 001,087,983 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0044.jpg
    [2011.04.30 14:45:15 | 000,914,554 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0037.jpg
    [2011.04.30 14:43:23 | 004,576,548 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0010.3gp
    [2011.04.30 14:42:59 | 003,576,047 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0008.3gp
    [2011.04.30 14:42:52 | 000,939,404 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0027.jpg
    [2011.04.30 14:38:14 | 026,569,189 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0007.3gp
    [2011.04.30 14:37:27 | 007,060,236 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0006.3gp
    [2011.04.30 14:35:42 | 015,799,345 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0005.3gp
    [2011.04.30 14:32:13 | 026,405,190 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0004.3gp
    [2011.04.30 12:14:52 | 000,000,032 | -H-- | C] () -- C:\Users\Sacknase-Klaus\Documents\.picasa.ini
    [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011.03.29 19:20:35 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
    [2011.03.29 19:20:35 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
    [2011.02.13 01:32:35 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011.02.13 01:32:35 | 000,000,088 | RHS- | C] () -- C:\ProgramData\45F7D358B4.sys
    [2011.02.13 00:23:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011.01.03 17:29:33 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011.01.03 17:29:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011.01.03 17:29:31 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011.01.03 17:29:31 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011.01.03 17:29:31 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010.11.18 11:09:56 | 000,002,385 | ---- | C] () -- C:\Windows\SysWow64\RDDlg.dat
    [2010.06.30 14:53:08 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010.06.30 14:52:44 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010.06.28 16:33:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
    [2010.06.28 16:33:32 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2010.06.28 16:33:32 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
    [2010.06.28 16:33:32 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
    [2010.06.28 16:21:26 | 000,000,520 | ---- | C] () -- C:\Windows\SysWow64\drivers\RTEQEX1.dat
    [2010.06.28 16:21:26 | 000,000,520 | ---- | C] () -- C:\Windows\SysWow64\drivers\RTEQEX0.dat
    [2010.06.28 16:21:26 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\rtkhdaud.dat
    [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008.09.11 20:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\INT15.dll
    [2008.09.09 17:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\INT15_64.dll
    [2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll
     
    ========== LOP Check ==========
     
    [2011.05.22 21:40:30 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\.minecraft
    [2010.07.17 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\bizarre creations
    [2010.07.26 20:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\DAEMON Tools Lite
    [2011.01.07 16:26:04 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\DVDVideoSoft
    [2010.10.28 20:38:33 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010.07.25 13:47:13 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\FreeFLVConverter
    [2011.04.09 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\HTC
    [2011.04.09 21:43:57 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2011.05.29 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\ICQ
    [2010.12.29 01:40:48 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\NetMeter
    [2010.06.29 18:12:58 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\OCS
    [2010.06.29 18:13:02 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Opera
    [2011.04.02 22:53:09 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\PunkBuster
    [2010.09.04 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\TuneUp Software
    [2010.12.02 19:27:55 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Ubisoft
    [2010.06.28 17:12:53 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Validity
    [2011.05.17 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\WaveMax Sound Editor
    [2011.05.30 09:12:13 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011.05.30 09:08:59 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
    [2011.05.30 09:08:57 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
    [2011.05.29 23:21:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
     
    < %SYSTEMDRIVE%\*.* >
    [2011.05.30 09:07:53 | 000,001,641 | ---- | M] () -- C:\aaw7boot.log
    [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010.06.28 15:44:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011.05.29 04:55:08 | 000,026,318 | ---- | M] () -- C:\ComboFix.txt
    [2010.11.24 14:12:30 | 000,000,000 | ---- | M] () -- C:\Diagnostics.txt
    [2010.06.28 15:05:06 | 000,296,731 | RHS- | M] () -- C:\FULIM
    [2011.05.30 09:07:54 | 3218,841,600 | -HS- | M] () -- C:\hiberfil.sys
    [2011.05.29 22:59:19 | 000,054,473 | ---- | M] () -- C:\JavaRa.log
    [2010.06.23 19:25:01 | 000,000,020 | ---- | M] () -- C:\Medion.ini
    [2006.12.01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010.09.07 07:11:03 | 000,000,557 | ---- | M] () -- C:\NetworkCfg.xml
    [2011.05.30 09:07:54 | 4291,788,800 | -HS- | M] () -- C:\pagefile.sys
    [2010.06.23 19:18:46 | 000,000,058 | ---- | M] () -- C:\Partition.txt
    [2001.01.08 16:21:16 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
    [2011.02.18 21:05:59 | 000,049,873 | ---- | M] () -- C:\temp.jpg
    [2010.06.28 14:59:47 | 000,171,136 | RHS- | M] () -- C:\w7ldr
    [2010.06.28 15:05:06 | 000,000,020 | RHS- | M] () -- C:\win7.ld
     
    < %systemroot%\system32\*.wt >
     
    < %systemroot%\system32\*.ruy >
     
    < %systemroot%\Fonts\*.com >
    [2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
     
    < %systemroot%\Fonts\*.dll >
     
    < %systemroot%\Fonts\*.ini >
    [2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
     
    < %systemroot%\Fonts\*.ini2 >
     
    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
     
    < %systemroot%\REPAIR\*.bak1 >
     
    < %systemroot%\REPAIR\*.ini >
     
    < %systemroot%\system32\*.jpg >
    [2010.08.29 14:12:10 | 000,035,229 | ---- | M] () -- C:\Windows\SysWOW64\bottom_bg.jpg
    [2010.09.07 12:53:22 | 000,014,755 | ---- | M] () -- C:\Windows\SysWOW64\top_bg.jpg
     
    < %systemroot%\*.scr >
     
    < %systemroot%\*._sy >
     
    < %APPDATA%\Adobe\Update\*.* >
     
    < %ALLUSERSPROFILE%\Favorites\*.* >
     
    < %APPDATA%\Microsoft\*.* >
     
    < %PROGRAMFILES%\*.* >
    [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
     
    < %APPDATA%\Update\*.* >
     
    < %systemroot%\*. /mp /s >
     
    < %systemroot%\system32\*.dll /lockedfiles >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %systemroot%\System32\config\*.sav >
     
    < %systemroot%\system32\user32.dll /md5 >
    [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
     
    < %systemroot%\system32\ws2_32.dll /md5 >
    [2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
     
    < %systemroot%\system32\ws2help.dll /md5 >
    [2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
     
     
    < MD5 for: EXPLORER.EXE  >
    [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
    [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
    [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
     
    < MD5 for: WININIT.EXE  >
    [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
    [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
    [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
     
    ========== Files - Unicode (All) ==========
    [2011.05.30 00:33:12 | 000,000,000 | R--D | M](C:\Users\Sacknase-Klaus\Desktop\?STUFF?) -- C:\Users\Sacknase-Klaus\Desktop\♫STUFF♫
    [2011.05.30 00:31:40 | 000,000,000 | R--D | C](C:\Users\Sacknase-Klaus\Desktop\?STUFF?) -- C:\Users\Sacknase-Klaus\Desktop\♫STUFF♫
    [2010.10.24 14:33:23 | 000,000,841 | ---- | M] ()(C:\Users\Sacknase-Klaus\Desktop\?Filme?.lnk) -- C:\Users\Sacknase-Klaus\Desktop\☆Filme☆.lnk
    [2010.09.17 18:47:33 | 000,000,841 | ---- | C] ()(C:\Users\Sacknase-Klaus\Desktop\?Filme?.lnk) -- C:\Users\Sacknase-Klaus\Desktop\☆Filme☆.lnk
    
    < End of report >
    Unfortunately, OTL does not produce an Extra.txt.

    In GMER, the options System, Sections, Devices, Modules, Processes and Libraries cannot be selected.
    But I'll hold off on the GMER scans until you have further instructions regarding step 1.
    Last edited by GHOSTblezzed (30.05.2011 at 10:15). Reason: addition

  4. #4
    Swisstreasure (Moderator, team member)
    Registered: 13.08.2009
    Location: Switzerland
    Posts: 3,660

    Re: Firefox redirects Google search results

    I overlooked that you have a 64-bit system. GMER doesn't work there.

    Please download GooredFix.exe to your desktop.
    • Please close all running programs, including browsers.
    • Double-click the .exe
      Vista and Win7 users: right-click and choose "Run as administrator"
    • Now close Firefox if it is open
    • Confirm the prompt with Yes.
    • Click Next.
    • When the scan has finished, the tool creates a GooredLog.
      It can also be found on your desktop.
    Please post the contents of GooredLog.txt

  5. #5
    Beginner
    Registered: 29.05.2011
    Posts: 14

    Re: Firefox redirects Google search results

    OK, I've gone through the whole thing with GooredFix.
    The only difference from your instructions is that the log file is called GooredFix.

    Code:
    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 12:18 on 30/05/2011 (Sacknase-Klaus)
    Firefox version 4.0.1 (en-US)
    
    ========== GooredScan ==========
    
    
    ========== GooredLog ==========
    
    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [13:35 29/05/2011]
    
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video" [16:18 25/02/2011]
    "{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa" [16:18 25/02/2011]
    
    -=E.O.F=-

  6. #6
    Swisstreasure (Moderator, team member)
    Registered: 13.08.2009
    Location: Switzerland
    Posts: 3,660

    Re: Firefox redirects Google search results

    Are the redirects gone?

  7. #7
    Beginner
    Registered: 29.05.2011
    Posts: 14

    Re: Firefox redirects Google search results

    No, still not. As I said, it only happens when clicking on Google search results; bookmarks and links still work...

    Do you have any other ideas?

  8. #8
    Swisstreasure (Moderator, team member)
    Registered: 13.08.2009
    Location: Switzerland
    Posts: 3,660

    Re: Firefox redirects Google search results

    ComboFix may only be run when a qualified helper has expressly recommended it!
    It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
    Download ComboFix from one of these download mirrors:

    BleepingComputer - ForoSpyware

    * Important!! Save ComboFix to the desktop
    • Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise the programs might interfere with our tools while they work.
    • Double-click ComboFix.exe and follow the instructions.
    • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kinds of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
    • Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the license agreement (EULA) as soon as you are prompted.
    **For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.

    Once the Recovery Console has been installed by ComboFix, you should see the following message:

    Click "Yes" to continue with the malware scan.

    When ComboFix has finished, it will create a log. Please include C:\ComboFix.txt in your next reply.

  9. #9
    Beginner
    Registered: 29.05.2011
    Posts: 14

    Re: Firefox redirects Google search results

    Thanks for taking on my problem again!
    This is what ComboFix says:

    Code:
    ComboFix 11-06-02.02 - Sacknase-Klaus 03.06.2011   1:34.1.2 - x64
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.4093.2653 [GMT 2:00]
    ausgeführt von:: c:\users\Sacknase-Klaus\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Neuer Wiederherstellungspunkt wurde erstellt
    .
    .
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll
    c:\program files (x86)\Search Settings
    c:\program files (x86)\Search Settings\FF\chrome.manifest
    c:\program files (x86)\Search Settings\FF\chrome\content\plugin.js
    c:\program files (x86)\Search Settings\FF\chrome\content\protection.js
    c:\program files (x86)\Search Settings\FF\chrome\content\utils.js
    c:\program files (x86)\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
    c:\program files (x86)\Search Settings\SearchSettings.exe
    .
    .
    (((((((((((((((((((((((   Dateien erstellt von 2011-05-03 bis 2011-06-03  ))))))))))))))))))))))))))))))
    .
    .
    2011-06-02 23:57 . 2011-06-02 23:57	--------	d-----w-	c:\users\Gast\AppData\Local\temp
    2011-06-02 23:57 . 2011-06-02 23:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2011-06-01 08:32 . 2011-05-09 22:00	8718160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E9400BF-50CA-4434-B349-07ECA43398F7}\mpengine.dll
    2011-05-31 11:51 . 2011-05-31 11:51	--------	d-----w-	c:\program files (x86)\Common Files\Java
    2011-05-30 07:08 . 2011-06-02 23:59	78848	----a-w-	c:\windows\KMSEmulator.exe
    2011-05-29 13:57 . 2011-05-30 07:13	--------	dc----w-	c:\windows\system32\DRVSTORE
    2011-05-29 13:57 . 2011-05-29 13:57	49752	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
    2011-05-29 13:48 . 2011-05-29 13:48	--------	d-----w-	c:\users\Sacknase-Klaus\AppData\Local\Sunbelt Software
    2011-05-29 13:47 . 2011-05-30 07:13	--------	d-----w-	c:\programdata\Lavasoft
    2011-05-29 10:53 . 2011-05-29 10:53	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
    2011-05-29 03:19 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 03:19 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
    2011-05-29 00:14 . 2011-05-29 00:14	--------	d-----w-	c:\users\Sacknase-Klaus\AppData\Roaming\Malwarebytes
    2011-05-29 00:14 . 2011-05-29 00:14	--------	d-----w-	c:\programdata\Malwarebytes
    2011-05-29 00:14 . 2011-05-29 03:19	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-05-28 19:36 . 2011-05-28 19:36	--------	d-----w-	c:\program files (x86)\Activision
    2011-05-28 19:17 . 2011-05-28 19:17	--------	d-sh--w-	c:\windows\ftpcache
    2011-05-28 16:48 . 2011-05-28 17:00	--------	d-----w-	c:\users\Sacknase-Klaus\AppData\Local\NFS Underground 2
    2011-05-27 15:34 . 2011-05-27 15:34	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-25 14:52 . 2011-04-22 20:18	27008	----a-w-	c:\windows\system32\drivers\Diskdump.sys
    2011-05-22 19:39 . 2011-05-22 19:40	--------	d-----w-	c:\users\Sacknase-Klaus\AppData\Roaming\.minecraft
    2011-05-21 00:23 . 2011-05-21 00:23	--------	d-----w-	c:\programdata\EA Core
    2011-05-12 16:53 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
    2011-05-12 16:53 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
    2011-05-12 15:35 . 2011-04-09 06:45	5509504	----a-w-	c:\windows\system32\ntoskrnl.exe
    2011-05-12 15:35 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-12 15:35 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
    2011-05-12 15:30 . 2011-05-12 16:25	--------	d-----w-	c:\program files (x86)\Common Files\BioWare
    2011-05-12 15:30 . 2011-05-12 16:00	--------	d-----w-	c:\program files (x86)\Mass Effect 2
    2011-05-10 15:39 . 2011-05-10 16:33	--------	d-----w-	c:\windows\Driver Cache
    2011-05-10 15:39 . 2009-10-19 03:32	511232	----a-w-	c:\windows\system32\drivers\AVerAF35.sys
    2011-05-10 15:36 . 2011-05-10 16:35	--------	d-----w-	c:\program files (x86)\Common Files\AVerMedia
    2011-05-04 20:28 . 2011-05-04 20:29	--------	d-----w-	c:\program files (x86)\ICQ7.5
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-31 11:51 . 2010-10-19 18:46	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
    2011-04-30 06:17 . 2011-02-12 23:32	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
    2011-04-17 21:14 . 2010-06-30 12:52	234768	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
    2011-04-09 16:55 . 2011-04-09 16:55	15453336	----a-w-	c:\windows\SysWow64\xlive.dll
    2011-04-09 16:55 . 2011-04-09 16:55	13642904	----a-w-	c:\windows\SysWow64\xlivefnt.dll
    2011-03-29 17:20 . 2011-03-29 17:20	647168	----a-w-	c:\windows\AutoKMS.exe
    2011-03-15 17:51 . 2011-03-15 17:51	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-15 17:51 . 2011-03-15 17:51	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
    2011-03-15 17:51 . 2011-03-15 17:51	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-03-15 17:51 . 2011-03-15 17:51	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-03-15 17:51 . 2011-03-15 17:51	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
    2011-03-15 17:51 . 2011-03-15 17:51	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
    2011-03-15 17:51 . 2011-03-15 17:51	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
    2011-03-15 17:51 . 2011-03-15 17:51	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
    2011-03-15 17:51 . 2011-03-15 17:51	367104	----a-w-	c:\windows\SysWow64\html.iec
    2011-03-15 17:51 . 2011-03-15 17:51	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
    2011-03-15 17:51 . 2011-03-15 17:51	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
    2011-03-15 17:51 . 2011-03-15 17:51	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
    2011-03-15 17:51 . 2011-03-15 17:51	222208	----a-w-	c:\windows\system32\msls31.dll
    2011-03-15 17:51 . 2011-03-15 17:51	1797632	----a-w-	c:\windows\SysWow64\jscript9.dll
    2011-03-15 17:51 . 2011-03-15 17:51	161792	----a-w-	c:\windows\SysWow64\msls31.dll
    2011-03-15 17:51 . 2011-03-15 17:51	152064	----a-w-	c:\windows\SysWow64\wextract.exe
    2011-03-15 17:51 . 2011-03-15 17:51	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
    2011-03-15 17:51 . 2011-03-15 17:51	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
    2011-03-15 17:51 . 2011-03-15 17:51	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
    2011-03-15 17:51 . 2011-03-15 17:51	11776	----a-w-	c:\windows\SysWow64\mshta.exe
    2011-03-15 17:51 . 2011-03-15 17:51	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
    2011-03-15 17:51 . 2011-03-15 17:51	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
    2011-03-15 17:51 . 2011-03-15 17:51	101888	----a-w-	c:\windows\SysWow64\admparse.dll
    2011-03-15 17:51 . 2011-03-15 17:51	49664	----a-w-	c:\windows\system32\imgutil.dll
    2011-03-15 17:51 . 2011-03-15 17:51	2382848	----a-w-	c:\windows\system32\mshtml.tlb
    2011-03-15 17:51 . 2011-03-15 17:51	2303488	----a-w-	c:\windows\system32\jscript9.dll
    2011-03-15 17:51 . 2011-03-15 17:51	173056	----a-w-	c:\windows\system32\ieUnatt.exe
    2011-03-15 17:51 . 2011-03-15 17:51	1389056	----a-w-	c:\windows\system32\wininet.dll
    2011-03-15 17:51 . 2011-03-15 17:51	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
    2011-03-15 17:51 . 2011-03-15 17:51	12288	----a-w-	c:\windows\system32\mshta.exe
    2011-03-15 17:51 . 2011-03-15 17:51	114176	----a-w-	c:\windows\system32\admparse.dll
    2011-03-15 17:51 . 2011-03-15 17:51	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
    2011-03-15 17:51 . 2011-03-15 17:51	85504	----a-w-	c:\windows\system32\iesetup.dll
    2011-03-15 17:51 . 2011-03-15 17:51	76800	----a-w-	c:\windows\system32\tdc.ocx
    2011-03-15 17:51 . 2011-03-15 17:51	603648	----a-w-	c:\windows\system32\vbscript.dll
    2011-03-15 17:51 . 2011-03-15 17:51	48640	----a-w-	c:\windows\system32\mshtmler.dll
    2011-03-15 17:51 . 2011-03-15 17:51	448512	----a-w-	c:\windows\system32\html.iec
    2011-03-15 17:51 . 2011-03-15 17:51	30720	----a-w-	c:\windows\system32\licmgr10.dll
    2011-03-15 17:51 . 2011-03-15 17:51	165888	----a-w-	c:\windows\system32\iexpress.exe
    2011-03-15 17:51 . 2011-03-15 17:51	160256	----a-w-	c:\windows\system32\wextract.exe
    2011-03-15 17:51 . 2011-03-15 17:51	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
    2011-03-15 17:51 . 2011-03-15 17:51	111616	----a-w-	c:\windows\system32\iesysprep.dll
    2011-03-12 12:03 . 2011-04-27 17:42	662528	----a-w-	c:\windows\system32\XpsPrint.dll
    2011-03-12 11:31 . 2011-04-27 17:42	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23 . 2011-04-27 17:40	187264	----a-w-	c:\windows\system32\drivers\storport.sys
    2011-03-11 06:23 . 2011-04-27 17:40	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
    2011-03-11 06:23 . 2011-04-27 17:40	1657216	----a-w-	c:\windows\system32\drivers\ntfs.sys
    2011-03-11 06:23 . 2011-04-27 17:40	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
    2011-03-11 06:23 . 2011-04-27 17:40	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
    2011-03-11 06:22 . 2011-04-27 17:40	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
    2011-03-11 06:22 . 2011-04-27 17:40	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
    2011-03-11 06:19 . 2011-04-15 17:47	1395712	----a-w-	c:\windows\system32\mfc42.dll
    2011-03-11 06:19 . 2011-04-15 17:47	1359872	----a-w-	c:\windows\system32\mfc42u.dll
    2011-03-11 06:18 . 2011-04-27 17:40	2566144	----a-w-	c:\windows\system32\esent.dll
    2011-03-11 06:15 . 2011-04-27 17:40	96768	----a-w-	c:\windows\system32\fsutil.exe
    2011-03-11 05:40 . 2011-04-15 17:47	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
    2011-03-11 05:40 . 2011-04-15 17:47	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
    2011-03-11 05:39 . 2011-04-27 17:40	1686016	----a-w-	c:\windows\SysWow64\esent.dll
    2011-03-11 05:37 . 2011-04-27 17:40	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
    2011-03-08 06:14 . 2011-04-15 17:41	976896	----a-w-	c:\windows\system32\inetcomm.dll
    2011-03-08 05:38 . 2011-04-15 17:41	740864	----a-w-	c:\windows\SysWow64\inetcomm.dll
    .
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-29 16:52	121392	----a-w-	c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-13 281768]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-12-15 1115728]
    "VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3622912]
    "UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    .
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\users\Sacknase-Klaus\Desktop\Acer Arcade Deluxe\PlayMovie\000.fcl [x]
    R2 CLHNService;CLHNService;c:\users\Sacknase-Klaus\Desktop\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
    R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-24 1038088]
    R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
    R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
    S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
    S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
    S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-09-05 3452928]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-08-26 1403200]
    S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2010-09-30 253264]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 721712]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    .
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2011-06-03 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS.exe [2011-03-29 17:20]
    .
    2011-06-03 c:\windows\Tasks\AutoKMSDaily.job
    - c:\windows\AutoKMS.exe [2011-03-29 17:20]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 10:32]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 10:32]
    .
    2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000Core.job
    - c:\users\Sacknase-Klaus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 20:37]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000UA.job
    - c:\users\Sacknase-Klaus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 20:37]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-29 16:53	50736	----a-w-	c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF5834.cfxxe" [X]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-09-23 486912]
    "eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.de/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: An OneNote s&enden - d:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Nach Microsoft E&xcel exportieren - d:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Sacknase-Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\79714rqi.default\
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Sacknase-Klaus\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
    AddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\users\Sacknase-Klaus\AppData\Local\{DE032019-B933-4DF4-9174-48C52613DA13}\CursorFX_setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\users\Sacknase-Klaus\Desktop\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
    c:\program files (x86)\Acer Bio Protection\PwdBank.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2011-06-03  02:03:40 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt  2011-06-03 00:03
    .
    Vor Suchlauf: 7.917.744.128 Bytes frei
    Nach Suchlauf: 7.802.646.528 Bytes frei
    .
    - - End Of File - - 029434A578FD8AFD8BF3D2D243201FA6

  10. #10
    Moderator, team member Swisstreasure
    Registered since
    13.08.2009
    Location
    Switzerland
    Posts
    3.660

    Re: Firefox redirects Google search results

    Further support questionable

    Code:
    C:\Windows\KMSEmulator.exe

    The use of cracks, keygens and/or patches whose purpose is to make paid software usable without payment is illegal, and we have agreed that we will not make ourselves guilty of aiding and abetting it. This forum is subject to German law, which is very strict in this regard.

    That cracks and keygens essentially serve to plant malware and backdoors on computers is no secret, and everyone must be aware of it.

    You now have two options: either you consistently remove every piece of software used in this way, leaving no residue, and refrain from using such software in future, or I will discontinue support completely at this point.
