
Pests of all kinds and how to combat them: Police virus Austria


22.07.2012, 22:14   #1
Vecci
 
Police virus Austria



Hello dear helpers! First of all, I think it's great that you exist and that you have already been able to help so many users, really great of you! Like so many others, I have now also caught this police trojan (Austria version with the demand to pay 100 € etc.). I am asking you for help, I don't know what to do anymore. I can no longer get into the actual user account. I created a second user via Safe Mode and am now in there, but I have a lot of important data on the infected user account that I want to rescue and not delete! I simply wanted to do a System Restore, but apparently that doesn't work with multiple Windows 7 users.

I have already downloaded Malwarebytes and OTL..... Malwarebytes gave me two log files?!? I'll attach them, many thanks in the meantime!

PHP code:
OTL logfile created on22.07.2012 21:29:19 Run 1
OTL by OldTimer 
Version 3.2.54.0     Folder C:\Users\Secure\Desktop
64bit Home Premium Edition Service Pack 1 (Version 6.1.7601) - Type NTWorkstation
Internet Explorer (Version 9.0.8112.16421)
Locale00000C07 CountryÖsterreich LanguageDEA Date Formatdd.MM.yyyy
 
3,95 Gb Total Physical Memory 2,34 Gb Available Physical Memory 59,20Memory free
7,90 Gb Paging File 6,08 Gb Available in Paging File 76,99Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space 325,75 Gb Free Space 72,10Space Free Partition TypeNTFS
Drive D: | 268,30 Mb Total Space 0,00 Mb Free Space 0,00Space Free Partition TypeCDFS
 
Computer Name THOMAS-VAIO User NameSecure Logged in as Administrator.
Boot ModeNormal Scan ModeCurrent user | Include 64bit Scans
Company Name Whitelist Off Skip Microsoft FilesOff No Company Name WhitelistOn File Age 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.07.22 21:29:13 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Secure\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 13:46:42 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.03.05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011.03.01 21:23:36 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011.03.01 21:23:36 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2012.07.12 11:57:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.13 10:55:10 001,256,040 | ---- | M] (Sony Corporation) [On_Demand Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.10.01 09:30:22 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 000,508,776 | ---- | M] (Microsoft Corporation) [Auto Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.19 19:15:44 000,549,616 | ---- | M] (Sony Corporation) [On_Demand Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.04.29 17:20:18 000,146,592 | ---- | M] (Atheros) [Auto Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.04.29 17:19:22 000,091,296 | ---- | M] (Atheros Commnucations) [Auto Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.29 08:13:25 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.03.05 16:42:36 000,064,704 | ---- | M] (Sony Corporation) [Auto Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.03.01 21:23:36 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.28 10:29:18 000,852,160 | ---- | M] (Sony Corporation) [Auto Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2011.02.25 10:46:22 000,249,648 | ---- | M] (Microsoft Corporation) [Auto Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 14:05:04 000,105,024 | ---- | M] (ArcSoftInc.) [Auto Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.02.21 12:55:08 000,113,824 | ---- | M] (Sony Corporation) [On_Demand Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.02.21 12:55:08 000,067,232 | ---- | M] (Sony Corporation) [On_Demand Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.02.18 22:15:06 000,099,104 | ---- | M] (Sony Corporation) [On_Demand Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.18 22:02:08 000,385,336 | ---- | M] (Sony Corporation) [On_Demand Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.02.14 14:23:50 000,044,736 | ---- | M] (Sony Corporation) [On_Demand Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011.02.01 13:20:48 002,656,280 | ---- | M] (Intel Corporation) [Auto Running] -- C:\Program Files (x86)\Intel\Intel(RManagement Engine Components\UNS\UNS.exe -- (UNSIntel(R)
SRV - [2011.02.01 13:20:46 000,326,168 | ---- | M] (Intel Corporation) [Auto Running] -- C:\Program Files (x86)\Intel\Intel(RManagement Engine Components\LMS\LMS.exe -- (LMSIntel(R)
SRV - [2011.01.20 12:27:18 000,286,936 | ---- | M] (Sony Corporation) [On_Demand Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 000,887,000 | ---- | M] (Sony Corporation) [On_Demand Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.11.27 00:55:42 000,398,176 | ---- | M] (Sony Corporation) [Auto Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.22 18:10:10 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 002,286,976 | ---- | M] (Microsoft Corp.) [Auto Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.13 18:32:32 000,013,336 | ---- | M] (Intel Corporation) [Auto Running] -- C:\Program Files (x86)\Intel\Intel(RRapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvcIntel(R)
SRV - [2010.03.18 23:16:28 000,130,384 | ---- | M] (Microsoft Corporation) [Auto Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 22:34:24 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012.07.18 16:28:27 000,834,544 | ---- | M] () [Kernel Boot Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012.07.03 13:46:44 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System On_Demand Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer Boot Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.02.15 11:01:50 000,052,736 | ---- | M] (AppleInc.) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.12.29 01:57:26 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:[b]64bit:[/b] - [2011.10.01 09:30:22 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2011.10.01 09:30:18 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2011.10.01 09:30:18 000,025,960 | ---- | M] (Microsoft Corporation) [File_System On_Demand Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2011.10.01 09:30:10 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 000,288,416 | ---- | M] (Atheros) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 000,283,296 | ---- | M] (Atheros) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 000,166,048 | ---- | M] (Atheros) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 000,109,216 | ---- | M] (Atheros) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 000,059,040 | ---- | M] (Atheros) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 000,036,000 | ---- | M] (Atheros) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 000,029,344 | ---- | M] (Atheros) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:34 000,259,232 | ---- | M] (Atheros) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:34 000,051,872 | ---- | M] (Windows (RWin 7 DDK provider) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:[b]64bit:[/b] - [2011.03.29 11:00:53 000,317,440 | ---- | M] (Intel(RCorporation) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAudIntel(R)
DRV:[b]64bit:[/b] - [2011.03.29 10:55:05 012,273,408 | ---- | M] (Intel Corporation) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011.03.29 08:51:30 000,425,064 | ---- | M] (Realtek                                            ) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011.03.29 08:15:05 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:[b]64bit:[/b] - [2011.03.29 05:57:20 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel Boot Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011.02.22 17:27:05 000,437,272 | ---- | M] (Intel Corporation) [Kernel Boot Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011.02.17 05:06:44 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2011.02.16 14:50:45 002,377,216 | ---- | M] (Atheros CommunicationsInc.) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010.10.19 16:34:26 000,056,344 | ---- | M] (Intel Corporation) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64Intel(R)
DRV:[b]64bit:[/b] - [2010.07.20 15:49:32 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:[b]64bit:[/b] - [2010.07.20 15:49:28 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:[b]64bit:[/b] - [2010.07.20 15:49:16 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:[b]64bit:[/b] - [2010.07.10 23:02:58 000,011,776 | ---- | M] (MBB Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:[b]64bit:[/b] - [2010.04.26 22:20:29 000,012,032 | ---- | M] (Sony Corporation) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 000,065,600 | ---- | M] (LSI Corporation) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 000,024,656 | ---- | M] (Promise Technology) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:02 000,281,088 | ---- | M] (Intel Corporation) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpressIntel(R)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 000,031,232 | ---- | M] (Hauppauge Computer WorksInc.) [Kernel On_Demand Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.26 14:32:04 000,019,968 | ---- | M] (ArcSoftInc.) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel On_Demand Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 000,019,008 | ---- | M] (Microsoft Corporation) [File_System On_Demand Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 17:05:00 000,005,632 | ---- | M] () [File_System System Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzu0AyCtAzy0EyD0AyEyEzztByD0E0FzzyCtN0D0TzutBtDtCtBtDyCtBtA&cr=13915486
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page hxxp://www.google.com
IE HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE HKLM\..\SearchScopes\{6EBE8718-D052-3530-1F83-0FF35056FFC9}: "URL" hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
 
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL hxxp://vaioportal.sony.eu
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL hxxp://sony.msn.com [binary data]
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages hxxp://sony.msn.com [binary data]
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page hxxp://www.google.com
IE HKCU\..\SearchScopes,DefaultScope = {2D6C0518-920E-41C0-83B1-7773B7A85754}
IE HKCU\..\SearchScopes\{2D6C0518-920E-41C0-83B1-7773B7A85754}: "URL" hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE HKCU\..\SearchScopes\{3F1E9CAF-5845-4881-90D7-256D0AF31ED6}: "URL" hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE HKCU\..\SearchScopes\{4CFF6993-C1B8-44B1-967A-C543696A9DD2}: "URL" hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE HKCU\..\SearchScopes\{52F54DBE-B9BA-4773-93FB-07C610A1796C}: "URL" hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE HKCU\..\SearchScopes\{54BBFBD3-67D3-4E30-8273-EB960405A670}: "URL" hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE HKCU\..\SearchScopes\{A3463F22-E1B5-4487-9EE9-C03FA7277086}: "URL" hxxp://rover.ebay.com/rover/1/5221-29898-16445-29/4?mpre=hxxp://shop.ebay.at/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyEnable" 0
IE HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyOverride" = <local>
 
[color=#E56717]========== FireFox ==========[/color]
 
FF user.js File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayerC:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPluginC:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun MicrosystemsInc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINEdisabled File not found
FF HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayerC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayerC:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe SystemsInc.)
FF HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF HKLM\Software\MozillaPlugins\@java.com/JavaPluginC:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun MicrosystemsInc.)
FF HKLM\Software\MozillaPlugins\@microsoft.com/GENUINEdisabled File not found
FF HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll Microsoft Corporation)
FF HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\ComponentsC:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 22:58:23 000,000,000 | ---M]
FF HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\PluginsC:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.19 11:06:51 000,000,000 | ---M] (No name found) -- C:\Users\Secure\AppData\Roaming\mozilla\Extensions
[2012.07.18 20:18:32 000,000,000 | ---M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 19:03:54 000,000,000 | ---M] (Controller) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2012.04.12 22:58:23 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O2 BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 HKLM\..\Toolbar: (no name) - Locked No CLSID value found.
O3 HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmdsC:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTrayC:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 HKCU..\Run: [DriverFinderC:\Program Files (x86)\DriverFinder\DriverFinder.exe ()
O4 HKLM..\RunOnce: [Malwarebytes Anti-MalwareC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23DE1942-ED20-4DCD-902C-54A192B2EFD3}: DhcpNameServer = 10.0.0.138
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\Shell - "" = AutoRun
O33 - MountPoints2\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.07.22 21:29:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Secure\Desktop\OTL.exe
[2012.07.22 21:25:16 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Malwarebytes
[2012.07.22 21:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 21:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 21:25:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.22 21:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.22 11:51:35 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Sony Corporation
[2012.07.21 11:35:34 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Microsoft Games
[2012.07.19 11:07:20 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Macromedia
[2012.07.19 11:06:43 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Mozilla
[2012.07.19 11:06:43 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Mozilla
[2012.07.18 21:00:04 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Canneverbe Limited
[2012.07.18 19:42:45 | 000,000,000 | ---D | C] -- C:\Users\Secure\Desktop\Neuer Ordner
[2012.07.18 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.18 19:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder
[2012.07.18 19:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverFinder
[2012.07.18 19:31:28 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\DriverFinder
[2012.07.18 19:21:28 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Adobe
[2012.07.18 18:59:25 | 000,000,000 | R--D | C] -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.07.18 18:59:25 | 000,000,000 | R--D | C] -- C:\Users\Secure\Searches
[2012.07.18 18:59:25 | 000,000,000 | R--D | C] -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.18 18:59:16 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Sony Corporation
[2012.07.18 18:59:15 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Identities
[2012.07.18 18:59:12 | 000,000,000 | R--D | C] -- C:\Users\Secure\Contacts
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Vorlagen
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\AppData\Local\Verlauf
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\AppData\Local\Temporary Internet Files
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Startmenü
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\SendTo
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Recent
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Netzwerkumgebung
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Lokale Einstellungen
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Documents\Eigene Videos
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Documents\Eigene Musik
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Eigene Dateien
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Documents\Eigene Bilder
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Druckumgebung
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Cookies
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\AppData\Local\Anwendungsdaten
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Anwendungsdaten
[2012.07.18 18:58:44 | 000,000,000 | R--D | C] -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.18 18:58:44 | 000,000,000 | R--D | C] -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.18 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Temp
[2012.07.18 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Microsoft
[2012.07.18 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Media Center Programs
[2012.07.18 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Macromedia
[2012.07.18 18:58:42 | 000,000,000 | --SD | C] -- C:\Users\Secure\AppData\Roaming\Microsoft
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Videos
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Saved Games
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Pictures
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Music
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Links
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Favorites
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Downloads
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Documents
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Desktop
[2012.07.18 18:58:40 | 000,000,000 | -H-D | C] -- C:\Users\Secure\AppData
[2012.07.18 16:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.07.18 16:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.07.13 06:25:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.13 06:25:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.13 06:25:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.13 06:25:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.13 06:25:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.13 06:25:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.13 06:25:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.13 06:25:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.13 06:25:20 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.13 06:25:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.13 06:25:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.13 06:25:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.13 06:25:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 10:06:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 10:06:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 10:06:53 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 10:06:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 10:06:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 08:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.07.07 22:19:23 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.06.27 13:19:09 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.27 13:19:09 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.27 13:19:09 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.27 13:18:59 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.27 13:18:59 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.27 13:18:59 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.27 13:18:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.27 13:18:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.25 21:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2012.06.25 21:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\intellidownload
[2012.06.25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012.06.23 23:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.06.23 23:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.06.23 23:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
[2012.06.23 23:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free RAR Extract Frog
[2012.06.23 22:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Double Top Deluxe
[2012.06.23 22:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Double Top Deluxe
[2012.06.23 22:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BittorrentBar_DE
[2012.06.23 22:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.06.23 22:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.07.22 21:29:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Secure\Desktop\OTL.exe
[2012.07.22 21:25:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.22 21:20:50 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 21:20:50 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 21:17:48 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 21:17:48 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 21:17:48 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 21:17:48 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 21:17:48 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 21:16:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 21:15:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.22 21:13:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 21:13:20 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 16:01:39 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 16:01:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 11:52:40 | 000,031,980 | ---- | M] () -- C:\Windows\SysNative\s000001.dat
[2012.07.22 11:50:49 | 000,000,102 | ---- | M] () -- C:\Windows\SysNative\sstates.sdt
[2012.07.22 11:50:49 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\sstate_prev.sdt
[2012.07.18 21:02:39 | 000,002,162 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.07.18 19:37:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.18 19:32:02 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\DriverFinder.lnk
[2012.07.18 16:28:27 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012.07.18 16:28:27 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.07.14 19:34:33 | 000,311,172 | ---- | M] () -- C:\test.xml
[2012.07.13 12:38:33 | 000,297,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 15:54:50 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 11:57:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 11:57:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.08 08:51:34 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 21:34:49 | 000,000,250 | ---- | M] () -- C:\user.js
[2012.06.25 21:34:37 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk
[2012.06.25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012.06.23 23:32:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\039142067658bf8c5af309d9f90637f8_c
[2012.06.23 23:21:18 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[2012.06.23 22:42:42 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.07.22 21:25:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.22 11:52:40 | 000,031,980 | ---- | C] () -- C:\Windows\SysNative\s000001.dat
[2012.07.21 18:11:01 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2012.07.18 19:37:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.18 19:32:02 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\DriverFinder.lnk
[2012.07.18 18:59:29 | 000,001,405 | ---- | C] () -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.07.18 18:59:27 | 000,001,439 | ---- | C] () -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.18 16:28:27 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012.07.18 16:28:27 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.07.08 08:51:34 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.06.25 21:34:48 | 000,000,250 | ---- | C] () -- C:\user.js
[2012.06.25 21:34:37 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk
[2012.06.23 23:32:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\039142067658bf8c5af309d9f90637f8_c
[2012.06.23 23:21:18 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[2012.06.23 22:42:42 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012.04.03 22:24:32 | 000,096,940 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.03.13 01:12:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.13 01:09:16 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011.03.30 03:46:48 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.30 03:46:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.30 03:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 01:03:27 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2012.03.13 00:16:19 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??????) -- C:\Windows\SysWow64\ɇ筵Ɏ硎疔
[2012.03.13 00:16:19 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??????) -- C:\Windows\SysWow64\ɇ筵Ɏ硎疔
[2012.03.13 00:16:19 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??????) -- C:\Windows\SysWow64\ɇ筵Ɏ硎疔
[2012.03.13 00:16:19 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??????) -- C:\Windows\SysWow64\ɇ筵Ɏ硎疔

< End of report > 
Attached files
File type: txt mbam-log-2012-07-22 (21-45-53).txt (2.5 KB, viewed 183 times)
File type: txt mbam-log-2012-07-22 (21-49-05).txt (2.5 KB, viewed 168 times)

22.07.2012, 23:44   #2
t'john
/// Helper team
 

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (not anywhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
SRV - [2012.07.12 11:57:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) 
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{6EBE8718-D052-3530-1F83-0FF35056FFC9}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} 
IE - HKCU\..\SearchScopes,DefaultScope = {2D6C0518-920E-41C0-83B1-7773B7A85754} 
IE - HKCU\..\SearchScopes\{2D6C0518-920E-41C0-83B1-7773B7A85754}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\..\SearchScopes\{3F1E9CAF-5845-4881-90D7-256D0AF31ED6}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\..\SearchScopes\{4CFF6993-C1B8-44B1-967A-C543696A9DD2}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices 
IE - HKCU\..\SearchScopes\{52F54DBE-B9BA-4773-93FB-07C610A1796C}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\..\SearchScopes\{54BBFBD3-67D3-4E30-8273-EB960405A670}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie 
IE - HKCU\..\SearchScopes\{A3463F22-E1B5-4487-9EE9-C03FA7277086}: "URL" = http://rover.ebay.com/rover/1/5221-29898-16445-29/4?mpre=http://shop.ebay.at/?oemInLn=ieSrch-Q311&_nkw={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) 
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) 
O4 - HKCU..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\Shell - "" = AutoRun 
O33 - MountPoints2\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\Shell\AutoRun\command - "" = E:\autorun.exe 
[2012.07.18 19:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder 
[2012.07.22 21:15:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad 
[2012.07.12 11:57:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe 
[2012.07.21 18:11:01 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad 
[2012.06.23 23:32:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\039142067658bf8c5af309d9f90637f8_c 
[2012.07.22 16:01:39 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.22 16:01:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; doing so can cause lasting damage to other systems!

23.07.2012, 15:35   #3
Vecci
 

Code:
All processes killed
========== OTL ==========
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe moved successfully.
Service StarOpen stopped successfully!
Service StarOpen deleted successfully!
C:\Windows\SysWOW64\drivers\StarOpen.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6EBE8718-D052-3530-1F83-0FF35056FFC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBE8718-D052-3530-1F83-0FF35056FFC9}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D6C0518-920E-41C0-83B1-7773B7A85754}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D6C0518-920E-41C0-83B1-7773B7A85754}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F1E9CAF-5845-4881-90D7-256D0AF31ED6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F1E9CAF-5845-4881-90D7-256D0AF31ED6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4CFF6993-C1B8-44B1-967A-C543696A9DD2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CFF6993-C1B8-44B1-967A-C543696A9DD2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52F54DBE-B9BA-4773-93FB-07C610A1796C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F54DBE-B9BA-4773-93FB-07C610A1796C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54BBFBD3-67D3-4E30-8273-EB960405A670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BBFBD3-67D3-4E30-8273-EB960405A670}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3463F22-E1B5-4487-9EE9-C03FA7277086}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3463F22-E1B5-4487-9EE9-C03FA7277086}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
File C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
File C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
File C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully.
C:\Programme\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully.
C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriverFinder not found.
C:\Program Files (x86)\DriverFinder\DriverFinder.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\ not found.
File E:\autorun.exe not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder folder moved successfully.
C:\ProgramData\kp_0loor.pad moved successfully.
C:\Windows\SysWOW64\FlashPlayerApp.exe moved successfully.
File C:\ProgramData\kp_0loor.pad not found.
C:\ProgramData\039142067658bf8c5af309d9f90637f8_c moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Thomas\Desktop\cmd.bat deleted successfully.
C:\Users\Thomas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Secure
->Temp folder emptied: 3509724 bytes
->Temporary Internet Files folder emptied: 108198914 bytes
->FireFox cache emptied: 17476873 bytes
->Flash cache emptied: 60593 bytes
 
User: Thomas
->Temp folder emptied: 88362365 bytes
->Temporary Internet Files folder emptied: 684016097 bytes
->Java cache emptied: 53468 bytes
->FireFox cache emptied: 1085647121 bytes
->Google Chrome cache emptied: 6333347 bytes
->Flash cache emptied: 103540 bytes
 
User: Valerie
->Temp folder emptied: 49533833 bytes
->Temporary Internet Files folder emptied: 347529628 bytes
->Java cache emptied: 11429040 bytes
->FireFox cache emptied: 689969291 bytes
->Flash cache emptied: 58624 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 447120 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 250211 bytes
RecycleBin emptied: 2557648605 bytes
 
Total Files Cleaned = 5.389,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Secure
->Flash cache emptied: 0 bytes
 
User: Thomas
->Flash cache emptied: 0 bytes
 
User: Valerie
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07232012_152512

Files\Folders moved on Reboot...
C:\Users\Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Thomas\AppData\Local\Temp\~DF3AEFA5C13F0132E8.TMP not found!
File\Folder C:\Users\Thomas\AppData\Local\Temp\~DF8315B4D03C7A07C4.TMP not found!
File\Folder C:\Users\Thomas\AppData\Local\Temp\~DFC719A06FE0C0EA84.TMP not found!
File\Folder C:\Users\Thomas\AppData\Local\Temp\~DFDDDEAC6CA26D6B80.TMP not found!
C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGMSDLZK\afr[1].htm moved successfully.
C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L066NMO0\120150-polizeivirus-osterreich[1].htm moved successfully.
C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L066NMO0\ads[4].htm moved successfully.
C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRHE9VK2\affilinet_tpage[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Thomas\AppData\Local\Temp\~DF3AEFA5C13F0132E8.TMP not found!
File C:\Users\Thomas\AppData\Local\Temp\~DF8315B4D03C7A07C4.TMP not found!
File C:\Users\Thomas\AppData\Local\Temp\~DFC719A06FE0C0EA84.TMP not found!
File C:\Users\Thomas\AppData\Local\Temp\~DFDDDEAC6CA26D6B80.TMP not found!
File C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGMSDLZK\afr[1].htm not found!
File C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L066NMO0\120150-polizeivirus-osterreich[1].htm not found!
File C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L066NMO0\ads[4].htm not found!
File C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRHE9VK2\affilinet_tpage[1].htm not found!

Registry entries deleted on Reboot...
         
__________________

23.07.2012, 18:07   #4
t'john
/// Helper team



Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any detections deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
After that:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Best regards, t'john
Support the TB

23.07.2012, 20:14   #5
Vecci



Many, many thanks so far! The computer is running great.



Malwarebytes LOG

Code:
 Malwarebytes Anti-Malware  (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-VAIO [administrator]

Protection: Enabled

23.07.2012 19:09:53
mbam-log-2012-07-23 (20-02-13).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374470
Time elapsed: 49 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Thomas\AppData\Local\RavenBleuSA\bin\1.0.13.0\RavenBleuSACB.exe (Adware.HotBar.Gen) -> No action taken.

(end)
         
ADW Cleaner

Code:
# AdwCleaner v1.703 - Logfile created 07/23/2012 at 20:10:09
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Thomas - THOMAS-VAIO
# Running from : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\ConduitCommon
Folder Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\extensions\ffxtlbr@funmoods.com
Folder Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\extensions\plugin@yontoo.com
File Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Funmoods
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\DT Soft
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Funmoods
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\SweetIm

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\prefs.js

Found : user_pref("CT2849855..clientLogIsEnabled", false);
Found : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Found : user_pref("CT2849855.CTID", "CT2849855");
Found : user_pref("CT2849855.CurrentServerDate", "12-7-2012");
Found : user_pref("CT2849855.DSInstall", false);
Found : user_pref("CT2849855.DialogsAlignMode", "LTR");
Found : user_pref("CT2849855.DialogsGetterLastCheckTime", "Thu Jul 12 2012 17:43:44 GMT+0200");
Found : user_pref("CT2849855.DownloadReferralCookieData", "");
Found : user_pref("CT2849855.EMailNotifierPollDate", "Thu Jul 12 2012 17:43:38 GMT+0200");
Found : user_pref("CT2849855.FeedLastCount129349796701375473", 352);
Found : user_pref("CT2849855.FeedPollDate129313974171006416", "Thu Jul 12 2012 17:43:38 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313975698350231", "Thu Jul 12 2012 17:43:38 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313976370850190", "Thu Jul 12 2012 17:43:38 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313976648818968", "Thu Jul 12 2012 17:43:38 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313977444757117", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980389131455", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980655381977", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980886163259", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313981234756535", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313983226631720", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313983607725691", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Found : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Found : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Found : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Found : user_pref("CT2849855.FirstServerDate", "25-6-2012");
Found : user_pref("CT2849855.FirstTime", true);
Found : user_pref("CT2849855.FirstTimeFF3", true);
Found : user_pref("CT2849855.FirstTimeHiddenVer", true);
Found : user_pref("CT2849855.FixPageNotFoundErrors", true);
Found : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2849855.HPInstall", false);
Found : user_pref("CT2849855.HasUserGlobalKeys", true);
Found : user_pref("CT2849855.HomePageProtectorEnabled", false);
Found : user_pref("CT2849855.HomepageBeforeUnload", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutA[...]
Found : user_pref("CT2849855.Initialize", true);
Found : user_pref("CT2849855.InitializeCommonPrefs", true);
Found : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2849855.InstallationId", "fft8D92.tmp.exe");
Found : user_pref("CT2849855.InstallationType", "XPE");
Found : user_pref("CT2849855.InstalledDate", "Mon Jun 25 2012 21:35:01 GMT+0200");
Found : user_pref("CT2849855.IsAlertDBUpdated", true);
Found : user_pref("CT2849855.IsGrouping", false);
Found : user_pref("CT2849855.IsInitSetupIni", true);
Found : user_pref("CT2849855.IsMulticommunity", false);
Found : user_pref("CT2849855.IsOpenThankYouPage", true);
Found : user_pref("CT2849855.IsOpenUninstallPage", false);
Found : user_pref("CT2849855.LanguagePackLastCheckTime", "Thu Jul 12 2012 17:43:45 GMT+0200");
Found : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2849855.LastLogin_3.13.0.6", "Thu Jul 12 2012 17:43:46 GMT+0200");
Found : user_pref("CT2849855.LatestVersion", "3.13.0.6");
Found : user_pref("CT2849855.Locale", "de");
Found : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Found : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Found : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2849855.OriginalFirstVersion", "3.13.0.6");
Found : user_pref("CT2849855.SearchCaption", "BittorrentBar_DE Customized Web Search");
Found : user_pref("CT2849855.SearchEngineBeforeUnload", "Search");
Found : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Found : user_pref("CT2849855.SearchInNewTabEnabled", true);
Found : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Thu Jul 12 2012 17:43:38 GMT+0200");
Found : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2849855.SearchProtectorEnabled", false);
Found : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2849855.SendProtectorDataViaLogin", true);
Found : user_pref("CT2849855.ServiceMapLastCheckTime", "Thu Jul 12 2012 17:43:42 GMT+0200");
Found : user_pref("CT2849855.SettingsLastCheckTime", "Thu Jul 12 2012 17:43:37 GMT+0200");
Found : user_pref("CT2849855.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2849855.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13");
Found : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Mon Jun 25 2012 21:35:00 GMT+0200");
Found : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Found : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Found : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2849855.UserID", "UN34272293393319106");
Found : user_pref("CT2849855.WeatherNetwork", "");
Found : user_pref("CT2849855.WeatherPollDate", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CT2849855.WeatherUnit", "C");
Found : user_pref("CT2849855.alertChannelId", "1241896");
Found : user_pref("CT2849855.autoDisableScopes", 0);
Found : user_pref("CT2849855.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Found : user_pref("CT2849855.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT2849855.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Found : user_pref("CT2849855.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT2849855.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6D7072746E6E7377");
Found : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737376787A7474797D242F4B4947[...]
Found : user_pref("CT2849855.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT2849855.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT2849855.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT2849855.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT2849855.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT2849855.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT2849855.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT2849855.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Found : user_pref("CT2849855.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Found : user_pref("CT2849855.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT2849855.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT2849855.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT2849855.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT2849855.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT2849855.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT2849855.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT2849855.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT2849855.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT2849855.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT2849855.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT2849855.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT2849855.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Found : user_pref("CT2849855.backendstorage./9b-0?3g>d", "3A68406F6D3F6E447A42487746207B4C4A7D2520217C542A24[...]
Found : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Found : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Found : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]
Found : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "663A6A69717475767A6F71777B7A744A202120237E");
Found : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D7072746E6E7477787578");
Found : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sun Jul 08 2012 08:53:37 GMT+0200");
Found : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2849855.initDone", true);
Found : user_pref("CT2849855.isAppTrackingManagerOn", true);
Found : user_pref("CT2849855.myStuffEnabled", true);
Found : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2849855.navigateToUrlOnSearch", false);
Found : user_pref("CT2849855.revertSettingsEnabled", true);
Found : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Found : user_pref("CT2849855.testingCtid", "");
Found : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Thu Jul 12 2012 17:43:45 GMT+0200");
Found : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Thu Jul 12 2012 17:43:44 GMT+0200");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Thomas\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=112555&[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Found : user_pref("CommunityToolbar.globalUserId", "8a1d7155-6756-4a12-9f0b-fda345736bdb");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jul 12 2012 17:43:4[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 12 2012 17:43:39 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "950b7dd4-f9e1-441f-b25f-5d7014166a07");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2Xz[...]
Found : user_pref("CommunityToolbar.originalSearchEngine", "Search");
Found : user_pref("backup.old.browser.search.defaultenginename", "SweetIM Search");
Found : user_pref("backup.old.browser.search.selectedEngine", "SweetIM Search");
Found : user_pref("backup.old.browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=10");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L[...]
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=060612_8_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "6662ef86000000000000a639e5a44825");
Found : user_pref("extensions.BabylonToolbar_i.id", "6662ef86000000000000a639e5a44825");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15516");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=06061[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:34:47");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.enabledAddons", "OneClickDownload@OneClickDownload.com:1.0,plugin@yontoo.com:1[...]
Found : user_pref("extensions.funmoods.aflt", "nv1");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.cntry", "AT");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "C557C6F03B6BD234B8D9DAAC215952A6");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2[...]
Found : user_pref("extensions.funmoods.id", "6662ef86000000000000a639e5a44825");
Found : user_pref("extensions.funmoods.instlDay", "15514");
Found : user_pref("extensions.funmoods.instlRef", "nv1");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2222:43:56");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAt[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2222:43:56");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2222:43:56");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=10");

Profile name : default 
File : C:\Users\Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\z9c16o70.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\Secure\AppData\Roaming\Mozilla\Firefox\Profiles\b7fzas7v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :    "homepage": "hxxp://search.babylon.com/?affID=112555&tt=060612_8_&babsrc=HP_ss&mntrId=6662ef86000[...]
Found :       "name": "Web Search",
Found :       "search_url": "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2Xz[...]
Found :    "homepage": "hxxp://home.sweetim.com/?crg=3.1010000&st=10",
Found :    "urls_to_restore_on_startup": ["hxxp://search.babylon.com/?affID=112555&tt=060612_8_&babsrc=HP_ss[...]

*************************

AdwCleaner[R1].txt - [15516 octets] - [18/07/2012 20:18:08]
AdwCleaner[S1].txt - [12744 octets] - [18/07/2012 20:18:24]
AdwCleaner[R2].txt - [25127 octets] - [23/07/2012 17:51:59]
AdwCleaner[R3].txt - [24863 octets] - [23/07/2012 20:10:09]

########## EOF - C:\AdwCleaner[R3].txt - [24992 octets] ##########
         


23.07.2012, 23:16   #6
t'john
/// Helper Team

Why weren't the findings in MBAM deleted?

New MBAM log!

24.07.2012, 17:20   #7
Vecci

Code:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-VAIO [administrator]

Protection: Enabled

24.07.2012 16:12:55
mbam-log-2012-07-24 (16-12-55).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376187
Time elapsed: 46 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

25.07.2012, 00:42   #8
t'john
/// Helper Team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

After that:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Jetzt Updaten ("Update now") to download the current signatures.
Select the Freeware-Modus (freeware mode).

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Bericht speichern ("Save report") to save the log file to the desktop, and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

25.07.2012, 20:11   #9
Vecci

Code:
# AdwCleaner v1.703 - Logfile created 07/25/2012 at 17:38:25
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Thomas - THOMAS-VAIO
# Running from : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\ConduitCommon
Folder Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\extensions\plugin@yontoo.com
File Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\prefs.js

C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\tdoscjxb.default\user.js ... Deleted !

Deleted : user_pref("CT2849855..clientLogIsEnabled", false);
Deleted : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Deleted : user_pref("CT2849855.CTID", "CT2849855");
Deleted : user_pref("CT2849855.CurrentServerDate", "12-7-2012");
Deleted : user_pref("CT2849855.DSInstall", false);
Deleted : user_pref("CT2849855.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2849855.DialogsGetterLastCheckTime", "Thu Jul 12 2012 17:43:44 GMT+0200");
Deleted : user_pref("CT2849855.DownloadReferralCookieData", "");
Deleted : user_pref("CT2849855.EMailNotifierPollDate", "Thu Jul 12 2012 17:43:38 GMT+0200");
Deleted : user_pref("CT2849855.FeedLastCount129349796701375473", 352);
Deleted : user_pref("CT2849855.FeedPollDate129313974171006416", "Thu Jul 12 2012 17:43:38 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313975698350231", "Thu Jul 12 2012 17:43:38 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313976370850190", "Thu Jul 12 2012 17:43:38 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313976648818968", "Thu Jul 12 2012 17:43:38 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313977444757117", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980389131455", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980655381977", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980886163259", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313981234756535", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313983226631720", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313983607725691", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT2849855.FirstServerDate", "25-6-2012");
Deleted : user_pref("CT2849855.FirstTime", true);
Deleted : user_pref("CT2849855.FirstTimeFF3", true);
Deleted : user_pref("CT2849855.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2849855.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2849855.HPInstall", false);
Deleted : user_pref("CT2849855.HasUserGlobalKeys", true);
Deleted : user_pref("CT2849855.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2849855.HomepageBeforeUnload", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutA[...]
Deleted : user_pref("CT2849855.Initialize", true);
Deleted : user_pref("CT2849855.InitializeCommonPrefs", true);
Deleted : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2849855.InstallationId", "fft8D92.tmp.exe");
Deleted : user_pref("CT2849855.InstallationType", "XPE");
Deleted : user_pref("CT2849855.InstalledDate", "Mon Jun 25 2012 21:35:01 GMT+0200");
Deleted : user_pref("CT2849855.IsAlertDBUpdated", true);
Deleted : user_pref("CT2849855.IsGrouping", false);
Deleted : user_pref("CT2849855.IsInitSetupIni", true);
Deleted : user_pref("CT2849855.IsMulticommunity", false);
Deleted : user_pref("CT2849855.IsOpenThankYouPage", true);
Deleted : user_pref("CT2849855.IsOpenUninstallPage", false);
Deleted : user_pref("CT2849855.LanguagePackLastCheckTime", "Thu Jul 12 2012 17:43:45 GMT+0200");
Deleted : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2849855.LastLogin_3.13.0.6", "Thu Jul 12 2012 17:43:46 GMT+0200");
Deleted : user_pref("CT2849855.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2849855.Locale", "de");
Deleted : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2849855.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT2849855.SearchCaption", "BittorrentBar_DE Customized Web Search");
Deleted : user_pref("CT2849855.SearchEngineBeforeUnload", "Search");
Deleted : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Deleted : user_pref("CT2849855.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Thu Jul 12 2012 17:43:38 GMT+0200");
Deleted : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2849855.SearchProtectorEnabled", false);
Deleted : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2849855.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2849855.ServiceMapLastCheckTime", "Thu Jul 12 2012 17:43:42 GMT+0200");
Deleted : user_pref("CT2849855.SettingsLastCheckTime", "Thu Jul 12 2012 17:43:37 GMT+0200");
Deleted : user_pref("CT2849855.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2849855.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13");
Deleted : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Mon Jun 25 2012 21:35:00 GMT+0200");
Deleted : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Deleted : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Deleted : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2849855.UserID", "UN34272293393319106");
Deleted : user_pref("CT2849855.WeatherNetwork", "");
Deleted : user_pref("CT2849855.WeatherPollDate", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CT2849855.WeatherUnit", "C");
Deleted : user_pref("CT2849855.alertChannelId", "1241896");
Deleted : user_pref("CT2849855.autoDisableScopes", 0);
Deleted : user_pref("CT2849855.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6D7072746E6E7377");
Deleted : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737376787A7474797D242F4B4947[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT2849855.backendstorage./9b-0?3g>d", "3A68406F6D3F6E447A42487746207B4C4A7D2520217C542A24[...]
Deleted : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Deleted : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]
Deleted : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "663A6A69717475767A6F71777B7A744A202120237E");
Deleted : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D7072746E6E7477787578");
Deleted : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sun Jul 08 2012 08:53:37 GMT+0200");
Deleted : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2849855.initDone", true);
Deleted : user_pref("CT2849855.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2849855.myStuffEnabled", true);
Deleted : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2849855.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2849855.revertSettingsEnabled", true);
Deleted : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2849855.testingCtid", "");
Deleted : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Thu Jul 12 2012 17:43:45 GMT+0200");
Deleted : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Thu Jul 12 2012 17:43:44 GMT+0200");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Thomas\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=112555&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Deleted : user_pref("CommunityToolbar.globalUserId", "8a1d7155-6756-4a12-9f0b-fda345736bdb");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jul 12 2012 17:43:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 12 2012 17:43:39 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "950b7dd4-f9e1-441f-b25f-5d7014166a07");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2Xz[...]
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search");
Deleted : user_pref("backup.old.browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("backup.old.browser.search.selectedEngine", "SweetIM Search");
Deleted : user_pref("backup.old.browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=10");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=060612_8_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "6662ef86000000000000a639e5a44825");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "6662ef86000000000000a639e5a44825");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15516");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=06061[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:34:47");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "OneClickDownload@OneClickDownload.com:1.0,plugin@yontoo.com:1[...]
Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "AT");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "C557C6F03B6BD234B8D9DAAC215952A6");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2[...]
Deleted : user_pref("extensions.funmoods.id", "6662ef86000000000000a639e5a44825");
Deleted : user_pref("extensions.funmoods.instlDay", "15514");
Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2222:43:56");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2222:43:56");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2222:43:56");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=10");

Profile name : default 
File : C:\Users\Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\z9c16o70.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\Secure\AppData\Roaming\Mozilla\Firefox\Profiles\b7fzas7v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :    "homepage": "hxxp://search.babylon.com/?affID=112555&tt=060612_8_&babsrc=HP_ss&mntrId=6662ef86000[...]
Deleted :       "name": "Web Search",
Deleted :       "search_url": "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2Xz[...]
Deleted :    "homepage": "hxxp://home.sweetim.com/?crg=3.1010000&st=10",
Deleted :    "urls_to_restore_on_startup": ["hxxp://search.babylon.com/?affID=112555&tt=060612_8_&babsrc=HP_ss[...]

*************************

AdwCleaner[R1].txt - [15516 octets] - [18/07/2012 20:18:08]
AdwCleaner[S1].txt - [12744 octets] - [18/07/2012 20:18:24]
AdwCleaner[R2].txt - [25127 octets] - [23/07/2012 17:51:59]
AdwCleaner[R3].txt - [24968 octets] - [23/07/2012 20:10:09]
AdwCleaner[S2].txt - [24541 octets] - [25/07/2012 17:38:25]

########## EOF - C:\AdwCleaner[S2].txt - [24670 octets] ##########
         
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 25.07.2012 17:46:37

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	25.07.2012 19:21:20

C:\Users\Thomas\Documents\cs1.5\hlds.exe 	gefunden: Win32.Malware!E2
C:\Users\Thomas\Documents\cs1.5\Half Life CDkeygen.exe 	gefunden: Riskware.Keygen.halflife!E2
C:\Users\Thomas\Desktop\Thomas\cs1.5\Half Life CDkeygen.exe 	gefunden: Riskware.Keygen.halflife!E2
C:\Users\Thomas\Desktop\Thomas\cs1.5\hlds.exe 	gefunden: Win32.Malware!E2

Gescannt	598500
Gefunden	4

Scan Ende:	25.07.2012 19:57:24
Scan Zeit:	0:36:04
         

25.07.2012, 20:31   #10
t'john
/// Helper Team

Have the findings deleted, then:

Uninstall:
Emsisoft Anti-Malware

ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.

Let's go

  • Download and start the Eset Smartinstaller.
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

29.07.2012, 19:05   #11
Vecci
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cce46db0ef4cfc4799fc486e049e95cb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-27 04:37:38
# local_time=2012-07-27 06:37:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 106447 94967810 0 0
# compatibility_mode=8192 67108863 100 0 2553 2553 0 0
# scanned=165892
# found=2
# cleaned=2
# scan_time=25899
C:\Program Files (x86)\intellidownload\torrent.exe	Win32/BundleInstaller application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Thomas\Downloads\Verified_3d_darts_professional.exe	Win32/BundleInstaller application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cce46db0ef4cfc4799fc486e049e95cb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-29 04:08:53
# local_time=2012-07-29 06:08:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 82490 95201737 0 0
# compatibility_mode=8192 67108863 100 0 236480 236480 0 0
# scanned=168008
# found=0
# cleaned=0
# scan_time=6245
         

29.07.2012, 19:16   #12
t'john
/// Helper team

Update Java

Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 5).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Regards, t'john

19.08.2012, 19:53   #13
t'john
/// Helper team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
