
Pests of all kinds and how to fight them: Problems with the Bundespolizei virus, Austria

25.07.2012, 23:45   #1
PrisMaster

Good evening!

As the title says, this is about the police virus. After seven hours of unsuccessful attempts to get rid of the virus, I am turning to you. Normally I try to solve computer problems myself with the help of forums, Google, etc. That has always worked well until today, but this time I have hit a wall.

I have already run all sorts of programs over it, such as Malwarebytes, CCleaner, Norton Power Eraser, Kaspersky Windowsunlocker and Trojan Remover (which I used to get rid of the virus once before), but none of them produced a positive result. System Restore is not possible because, for whatever reason, I have no restore points.

At first I tried to get rid of the problem the same way as last time (I have had the virus before), by changing the path of the "shell" file in "regedit" to explorer.exe. No luck, it is already set to explorer.exe.

I am using Windows Vista 32-bit and am currently writing to you from safe mode.

I hope I have not already tinkered around too much, but this tinkering has always worked well so far.

The log is attached.

Thanks in advance for your answers.

Regards

26.07.2012, 15:02   #2
PrisMaster

Did I forget to provide anything? Malwarebytes is scanning right now, I will post the log shortly.

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.08

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19272
Kev :: PETER [Administrator]

Schutz: Deaktiviert

26.07.2012 15:14:24
mbam-log-2012-07-26 (16-54-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 551788
Laufzeit: 1 Stunde(n), 39 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 11
C:\ProgramData\MPK (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\CPDA (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\REFOG Free Keylogger (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\English (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\German (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\Spanish (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Images (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Lang (Refog.Keylogger) -> Keine Aktion durchgeführt.

Infizierte Dateien: 62
C:\Users\Kev\Downloads\pass\astlog.exe (HackTool.Asterisk) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\ChromePass.exe (PUP.ChromePasswordTool) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\dialupass.exe (PUP.Dialupass) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\iepv.exe (PUP.PSW.Passview) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\mailpv.exe (PUP.MailPassView) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\mspass.exe (PUP.PSW.MessenPass) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\netpass.exe (PUP.NetworkPasswordTool) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\OperaPassView.exe (PUP.OperaPasswordTool) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\PasswordFox.exe (PUP.PSW.PassFox) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\pspv.exe (PUP.Passview) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\PstPassword.exe (PUP.MailPassView) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\rdpv.exe (Password.Tool) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\SniffPass.exe (PUP.PswdSniffer) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\WebBrowserPassView.exe (PUP.PassView) -> Keine Aktion durchgeführt.
C:\Users\Kev\Downloads\pass\WirelessKeyView.exe (PUP.WirelessKeyView) -> Keine Aktion durchgeführt.
C:\Users\Kev\AppData\Roaming\wiaservg.log (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\Kev\ms.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\REFOG Free Keylogger.lnk (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40899_9617393518 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40909_9365062037 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40915_6610535648 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40922_8263523958 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40922_8263578356 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40922_8263633565 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40922_8263685995 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40922_9324764236 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40928_3996460648 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40937_7138603935 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40942_3949491898 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40942_5187015162 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40942_5187804630 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40945_8290590509 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40945_8395442245 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40948_7902674768 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40948_7974099074 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40961_4822645370 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40974_7808886806 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40974_7812624653 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40980_3966206481 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\ProgramData\MPK\1\I40984_3897572107 (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\icon_1.ico (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\lnkmst.exe (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Mpk.dll (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\MPK64.exe (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\unins000.exe (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Lang\German.frc (Refog.Keylogger) -> Keine Aktion durchgeführt.
C:\WINDOWS\System32\MPK\Lang\Russian.frc (Refog.Keylogger) -> Keine Aktion durchgeführt.

(Ende)
         
So, that would be the Malwarebytes log (I always have Refog running in the background for various reasons. I downloaded Passview because I read in a thread that it can be used to read saved passwords out of IE. I needed those.)

Regards

Did I do something wrong, forget something, or is my computer beyond saving because nobody is taking up my post?

Regards
__________________

Last edited by PrisMaster (26.07.2012 at 15:57)

27.07.2012, 11:37   #3
t'john
/// Helper team

Fixing with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:Processes
killallprocesses

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kev\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=dpg&s={searchTerms}&f=4&hl={language}&src=chrm 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "foxsearch" 
FF - prefs.js..browser.search.defaultthis.engineName: "Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "foxsearch" 
FF - prefs.js..browser.search.selectedEngine: "foxsearch" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "google.at" 
FF - prefs.js..extensions.enabledItems: {6aefa029-2d13-465f-ae31-203fc5b98897}:2.6.0.15 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.8 
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" 
FF - prefs.js..network.proxy.backup.ftp: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.backup.ftp_port: 82 
FF - prefs.js..network.proxy.backup.gopher: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.backup.gopher_port: 82 
FF - prefs.js..network.proxy.backup.socks: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.backup.socks_port: 82 
FF - prefs.js..network.proxy.backup.ssl: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.backup.ssl_port: 82 
FF - prefs.js..network.proxy.ftp: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.ftp_port: 82 
FF - prefs.js..network.proxy.gopher: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.gopher_port: 82 
FF - prefs.js..network.proxy.http: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.http_port: 82 
FF - prefs.js..network.proxy.no_proxies_on: "" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.socks_port: 82 
FF - prefs.js..network.proxy.ssl: "proxy.salzburg.at" 
FF - prefs.js..network.proxy.ssl_port: 82 
FF - prefs.js..network.proxy.type: 4 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Kev\AppData\Roaming\11019 [2012.04.25 13:56:14 | 000,000,000 | ---D | M] 
[2012.04.25 13:56:14 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KEV\APPDATA\ROAMING\11019 
[2012.02.16 02:43:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} 
[2010.07.30 17:54:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} 
[2012.01.05 20:26:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI 
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll 
CHR - Extension: Google-Suche = \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ 
CHR - Extension: Skype Click to Call = \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ 
Hosts file not found 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll (facemoods.com BHO) 
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) 
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll (facemoods.com) 
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [NvCplDaemonTool] rundll32.exe File not found 
O4 - HKLM..\Run: [TaskTray] File not found 
O4 - HKLM..\Run: [vhwsegjrixjfspp] C:\ProgramData\vhwsegjr.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 

[2012.07.25 14:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\quqamxrziscidlk 
 
[2012.07.25 14:22:32 | 000,000,051 | ---- | M] () -- C:\ProgramData\tmmrfcpeajljyms 
[2012.07.25 14:22:26 | 000,061,440 | ---- | M] () -- C:\ProgramData\vhwsegjr.exe 
 
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:E6E3D650 
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:CB0AACC9 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0A8E2C33 


[2012.07.25 15:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover 
 
[2012.07.25 22:07:59 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{948AEFEC-15A1-4427-89E8-4A5DDA048B7C}.job 
[2012.07.25 21:57:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.25 21:13:27 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.25 21:13:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.25 21:13:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.07.25 13:11:14 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1005906689-2894697080-478407817-1000UA.job 
[2012.07.25 01:11:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1005906689-2894697080-478407817-1000Core.job 
:Files

C:\USERS\KEV\APPDATA\ROAMING\11019

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1005906689-2894697080-478407817-1000UA.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1005906689-2894697080-478407817-1000Core.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!
__________________
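Added example, not part of the thread and not OTL's own code: the first post checked only the "shell" value, while the script in post #3 targets an `O4 ... Run` entry, so this sketch triages OTL-style lines for Run entries that point at a vendorless executable directly in `C:\ProgramData` and lists items written there within two minutes of it. The sample lines are copied from the script above; the function names, the `C:\ProgramData` and empty-vendor heuristics, and the two-minute window are assumptions made for illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Lines copied from the fix script in post #3 (line shapes as they appear there).
SAMPLE = r"""
O4 - HKLM..\Run: [NvCplDaemonTool] rundll32.exe File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [vhwsegjrixjfspp] C:\ProgramData\vhwsegjr.exe ()
[2012.07.25 14:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\quqamxrziscidlk
[2012.07.25 14:22:32 | 000,000,051 | ---- | M] () -- C:\ProgramData\tmmrfcpeajljyms
[2012.07.25 14:22:26 | 000,061,440 | ---- | M] () -- C:\ProgramData\vhwsegjr.exe
[2012.07.25 15:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.07.25 21:57:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# A resolved autostart target ends in "(vendor)"; "File not found" entries do not.
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<vendor>[^)]*)\)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| [-A-Z]{4} \| [CM]\]"
    r"(?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumptions for this example: which directory counts as suspicious for an
# autostart target, and how close in time related items must be.
WATCHED_DIRS = {r"c:\programdata"}
WINDOW = timedelta(minutes=2)


def parse(text):
    """Split OTL-style text into Run entries and file/folder listing entries."""
    runs, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            t = TARGET_RE.match(m["rest"])
            runs.append({
                "name": m["name"],
                "path": t["path"] if t else None,
                "vendor": t["vendor"] if t else None,
            })
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({
                "path": m["path"],
                "when": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            })
    return runs, files


def in_watched_dir(path):
    """True if the item sits directly inside a watched directory."""
    return ntpath.dirname(path).lower() in WATCHED_DIRS


def stale_runs(text):
    """Run entries whose target no longer resolves (leftovers, not persistence)."""
    runs, _ = parse(text)
    return [r["name"] for r in runs if r["path"] is None]


def triage(text):
    """Flag Run entries with a vendorless target in a watched directory and
    list sibling items written within WINDOW of that target."""
    runs, files = parse(text)
    findings = []
    for run in runs:
        if run["path"] is None or run["vendor"] or not in_watched_dir(run["path"]):
            continue
        anchor = next((f for f in files if f["path"].lower() == run["path"].lower()), None)
        near = []
        if anchor:
            near = sorted(
                (f for f in files
                 if f is not anchor and in_watched_dir(f["path"])
                 and abs(f["when"] - anchor["when"]) <= WINDOW),
                key=lambda f: f["when"],
            )
        findings.append({
            "name": run["name"],
            "target": run["path"],
            "companions": [f["path"] for f in near],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print("stale:", stale_runs(SAMPLE))
```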

27.07.2012, 18:47   #4
PrisMaster

Right, I have now done all of that. I had to enter my product key, but I was able to boot up again.

Here is the log

Code:
All processes killed
========== PROCESSES ==========
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
File C:\Users\Kev\AppData\Local\Temp\cpuz132\cpuz132_x32.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\tbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Kev\AppData\Roaming\11019 not found.
C:\USERS\KEV\APPDATA\ROAMING\11019\components folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\11019 folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\searchplugin folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\modules folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\META-INF folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\defaults folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\components folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\chrome folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} folder moved successfully.
C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P39CL31U.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI moved successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419 scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0 scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemonTool deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vhwsegjrixjfspp deleted successfully.
C:\ProgramData\vhwsegjr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\quqamxrziscidlk folder moved successfully.
C:\ProgramData\tmmrfcpeajljyms moved successfully.
File C:\ProgramData\vhwsegjr.exe not found.
ADS C:\ProgramData\TEMP:E6E3D650 deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:0A8E2C33 deleted successfully.
C:\Program Files\Trojan Remover\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Program Files\Trojan Remover\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Program Files\Trojan Remover\%APPDATA%\Microsoft folder moved successfully.
C:\Program Files\Trojan Remover\%APPDATA% folder moved successfully.
C:\Program Files\Trojan Remover folder moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{948AEFEC-15A1-4427-89E8-4A5DDA048B7C}.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1005906689-2894697080-478407817-1000UA.job moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1005906689-2894697080-478407817-1000Core.job moved successfully.
========== FILES ==========
File\Folder C:\USERS\KEV\APPDATA\ROAMING\11019 not found.
File\Folder C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1005906689-2894697080-478407817-1000UA.job not found.
File\Folder C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1005906689-2894697080-478407817-1000Core.job not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Windows\system32\config\systemprofile\Desktop\cmd.bat deleted successfully.
C:\Windows\system32\config\systemprofile\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Journal
-> No Temporary Internet Files cache folder defined!
 
User: RegBack
-> No Temporary Internet Files cache folder defined!
 
User: systemprofile
-> No Temporary Internet Files cache folder defined!
 
User: TxR
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 23314476 bytes
 
Total Files Cleaned = 22,00 mb
 
 
[EMPTYFLASH]
 
User: Journal
 
User: RegBack
 
User: systemprofile
 
User: TxR
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 07272012_124153

Files\Folders moved on Reboot...
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419 scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 scheduled to be moved on reboot.
Folder move failed. \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0 scheduled to be moved on reboot.
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...
File \Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0 not found!
[2006.10.22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll : MD5=C11F6A1F61481E24BE3FDC06EA6F7D2A

Registry entries deleted on Reboot...
         
Regards

27.07.2012, 18:49   #5
t'john
/// Helper Team
 

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Komplett Scan durchführen" (Perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or quarantined.
- When the scan has finished, click "Zeige Resultate" (Show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

__________________
Regards, t'john

28.07.2012, 09:08   #6
PrisMaster
 

OK, I've done all of that now. Here are the logs:

Code:
 Malwarebytes Anti-Malware  (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Kev :: PETER [administrator]

Protection: Enabled

27.07.2012 19:52:31
mbam-log-2012-07-27 (19-52-31).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 556617
Time elapsed: 4 hour(s), 32 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{482EA34C-7FDE-7E9C-981A-8543B4578B13} (Trojan.ZbotR.Gen) -> Data: C:\Users\Kev\AppData\Roaming\Iwacy\azvir.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\_OTL\MovedFiles\07272012_124153\C_ProgramData\vhwsegjr.exe (Trojan.Winlock) -> Quarantined and deleted successfully.

(end)
         

Code:
# AdwCleaner v1.703 - Logfile created 07/28/2012 at 10:04:12
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Kev - PETER
# Running from : C:\Users\Kev\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Kev\AppData\Local\SanctionedMedia
Folder Found : C:\Users\Kev\AppData\Local\TempDir
Folder Found : C:\Users\Kev\AppData\LocalLow\Conduit
Folder Found : C:\Users\Kev\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Kev\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Kev\AppData\Roaming\instplugin
Folder Found : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\Conduit
Folder Found : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\ConduitCommon
Folder Found : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\ConduitEngine
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DVDVideoSoftTB
Folder Found : C:\Program Files\facemoods.com
File Found : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smad
Key Found : HKCU\Software\SanctionedMedia
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19272

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.facemoods.com/?a=dpg

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\prefs.js


-\\ Google Chrome v20.0.1132.57

File : C:\Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :                   "css": [ "style/facemoods_chrome_1.0.1.css" ],
Found :                "name": "Facemoods",
Found :                "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]
Found :                "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",

*************************

AdwCleaner[R1].txt - [24490 octets] - [28/07/2012 10:04:12]

########## EOF - C:\AdwCleaner[R1].txt - [24619 octets] ##########
         

However, I can now no longer turn off User Account Control.
When I go to 'Security Center', it says "The Security Center service is turned off". When I then click "Turn on now", it reports: "The security service could not be started". Otherwise the laptop is running normally again.

Regards

28.07.2012, 12:20   #7
t'john
/// Helper team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.


then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten" (Update now).
Select the "Freeware-Modus" (freeware mode).

Select Detail Scan and start the scan of the computer with the Scan button.
At the end of the scan, do not have anything deleted! Click "Bericht speichern" (Save report) to save the log file to the desktop, then post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Kind regards, t'john
Support the TB

29.07.2012, 09:25   #8
PrisMaster

So, here are the logs

Code:
# AdwCleaner v1.703 - Logfile created 07/28/2012 at 15:49:23
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Kev - PETER
# Running from : C:\Users\Kev\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Kev\AppData\Local\SanctionedMedia
Folder Deleted : C:\Users\Kev\AppData\Local\TempDir
Folder Deleted : C:\Users\Kev\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kev\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Kev\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Kev\AppData\Roaming\instplugin
Folder Deleted : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\Conduit
Folder Deleted : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\ConduitCommon
Folder Deleted : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\ConduitEngine
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DVDVideoSoftTB
Folder Deleted : C:\Program Files\facemoods.com
File Deleted : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smad
Key Deleted : HKCU\Software\SanctionedMedia
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\facemoods.com
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19272

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.facemoods.com/?a=dpg --> hxxp://www.google.com

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\prefs.js

C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\p39cl31u.default\user.js ... Deleted !

Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "27-9-2010");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Mon Sep 27 2010 21:30:13 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "27-9-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Mon Sep 27 2010 21:30:13 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Sep 27 2010 21:30:16 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Mon Sep 27 2010 21:30:14 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Mon Sep 27 2010 21:30:15 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SavedHomepage", "google.at");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Sep 27 2010 21:30:15 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Mon Sep 27 2010 21:30:11 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1285583098");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Sep 27 2010 21:30:11 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2269050.UserID", "UN13250458163620826");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Mon Sep 27 2010 21:30:14 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.clientLogIsEnabled", false);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT484075.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT484075.DSInstall", false);
Deleted : user_pref("CT484075.DialogsAlignMode", "LTR");
Deleted : user_pref("CT484075.DialogsGetterLastCheckTime", "Tue Jan 31 2012 08:29:27 GMT+0100");
Deleted : user_pref("CT484075.FirstTimeFF3", true);
Deleted : user_pref("CT484075.HPInstall", false);
Deleted : user_pref("CT484075.HasUserGlobalKeys", true);
Deleted : user_pref("CT484075.Initialize", true);
Deleted : user_pref("CT484075.InitializeCommonPrefs", true);
Deleted : user_pref("CT484075.InstalledDate", "Tue Jan 31 2012 08:29:28 GMT+0100");
Deleted : user_pref("CT484075.IsGrouping", false);
Deleted : user_pref("CT484075.IsInitSetupIni", true);
Deleted : user_pref("CT484075.IsMulticommunity", false);
Deleted : user_pref("CT484075.IsOpenThankYouPage", true);
Deleted : user_pref("CT484075.IsOpenUninstallPage", true);
Deleted : user_pref("CT484075.LanguagePackLastCheckTime", "Tue Jan 31 2012 08:29:28 GMT+0100");
Deleted : user_pref("CT484075.Locale", "de");
Deleted : user_pref("CT484075.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT484075.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT484075.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT484075.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT484075.SearchCaption", "Bofanz Customized Web Search");
Deleted : user_pref("CT484075.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT484075.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT484075.ServiceMapLastCheckTime", "Tue Jan 31 2012 08:29:26 GMT+0100");
Deleted : user_pref("CT484075.SettingsLastCheckTime", "Tue Jan 31 2012 08:29:26 GMT+0100");
Deleted : user_pref("CT484075.SettingsLastUpdate", "1323179912");
Deleted : user_pref("CT484075.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT484075&SearchSource=13");
Deleted : user_pref("CT484075.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT484075.ThirdPartyComponentsLastCheck", "Tue Jan 31 2012 08:29:26 GMT+0100");
Deleted : user_pref("CT484075.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT484075.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT484075.Uninstall", true);
Deleted : user_pref("CT484075.alertChannelId", "70019");
Deleted : user_pref("CT484075.globalFirstTimeInfoLastCheckTime", "Tue Jan 31 2012 08:29:27 GMT+0100");
Deleted : user_pref("CT484075.initDone", true);
Deleted : user_pref("CT484075.isAppTrackingManagerOn", true);
Deleted : user_pref("CT484075.revertSettingsEnabled", true);
Deleted : user_pref("CT484075.testingCtid", "");
Deleted : user_pref("CT484075.toolbarAppMetaDataLastCheckTime", "Tue Jan 31 2012 08:29:26 GMT+0100");
Deleted : user_pref("CT484075.toolbarContextMenuLastCheckTime", "Tue Jan 31 2012 08:29:28 GMT+0100");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT484075/CT484075",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=70019&fid=69447", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/70019/69447/AT", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT484075", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT484075", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT484075&octid=C[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT484075/CT484075",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"420[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT484075");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{6aefa029-2d13-465f-ae31-203fc5b98897}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bofanz");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kev\\AppData\\Roaming\\Mozilla\\Fir[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT484075");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{6aefa029-2d13-465f-ae31-203fc5b98897}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bofanz");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine,CT484075");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT484075");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 29 2011 08:23:55 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 18:36:11 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 16:51:00 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{8a3ae335-f78f-4113-af77-0cd488290871}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 27 2010 21:30:15 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "8a0612b8-f295-46ab-8b9e-1a22283283cc");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jan 31 2012 08:29:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jan 29 2012 18:29:22 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jan 31 2012 08:29:28 GMT+0100");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "4762ac89-ed2a-4ac2-88d1-6c14045a6fce");
Deleted : user_pref("CommunityToolbar.originalHomepage", "google.at");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "foxsearch");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 22 2011 16:13:49 GMT+0200");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Jun 23 2011 19:16:24 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "05/07/2011 01");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sat May 07 2011 00:46:12 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 25 2011 18:35:49 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Jun 25 2011 16:35:45 GMT+0200");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jun 25 2011 16:35:45 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN22624984165108946");
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 25 2011 18:35:49 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jun 25 2011 18:35:45 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Deleted : user_pref("extensions.facemoods.aflt", "_#dpg");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "28");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :                   "css": [ "style/facemoods_chrome_1.0.1.css" ],
Deleted :                "name": "Facemoods",
Deleted :                "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]
Deleted :                "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",

*************************

AdwCleaner[R1].txt - [24621 octets] - [28/07/2012 10:04:12]
AdwCleaner[S1].txt - [25286 octets] - [28/07/2012 15:49:23]

########## EOF - C:\AdwCleaner[S1].txt - [25415 octets] ##########
         

and Emsisoft:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 28.07.2012 19:14:56

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	28.07.2012 19:15:13

c:\users\kev\appdata\roaming\microst\ 	gefunden: Trace.File.carberp!E1
Value: hkey_current_user\software\nirsoft\pspv --> columns 	gefunden: Trace.Registry.protected storage pass view!E1
Value: hkey_current_user\software\nirsoft\pspv --> showoutlook 	gefunden: Trace.Registry.protected storage pass view!E1
Value: hkey_current_user\software\nirsoft\pspv --> showpasswordprotected 	gefunden: Trace.Registry.protected storage pass view!E1
Value: hkey_current_user\software\nirsoft\pspv --> showsubitems 	gefunden: Trace.Registry.protected storage pass view!E1
Value: hkey_current_user\software\nirsoft\pspv --> winpos 	gefunden: Trace.Registry.protected storage pass view!E1
Value: hkey_current_user\software\nirsoft\pspv --> showautocompletenopass 	gefunden: Trace.Registry.protected storage pass view!E1
Value: hkey_current_user\software\nirsoft\pspv --> showmsnexplorer 	gefunden: Trace.Registry.protected storage pass view!E1
Value: hkey_current_user\software\nirsoft\pspv --> showautocomplete 	gefunden: Trace.Registry.protected storage pass view!E1
C:\Users\Kev\Downloads\pass\BulletsPassView.exe 	gefunden: Riskware.PSWTool.Win32.NetPass!E1
C:\Users\Kev\Downloads\pass\VNCPassView.exe 	gefunden: Riskware.PSWTool.Win32.VNCPwdump!E1
C:\Users\Kev\Documents\te.comp\training2007\Simulation\Uebungen\CopyTasks.exe 	gefunden: Trojan.Win32.Buzus!E2
C:\Users\Kev\Documents\te.comp\training2007\Access\autorun.inf 	gefunden: Worm.Win32.AutoRun!E2
C:\Users\Kev\Documents\te.comp\training2007\Simulation\Uebungen\MouseFencer.exe 	gefunden: Trojan.Win32.Buzus!E2
C:\Users\Kev\Documents\te.comp\training2007\Simulation\Uebungen\ShortCutDialog.exe 	gefunden: Trojan.Win32.Buzus!E2
C:\Users\Kev\Documents\te.comp\training2007\Simulation\Uebungen\WindowTasks.exe 	gefunden: Trojan.Win32.Buzus!E2
C:\Users\Kev\AppData\Local\Temp\training2007\EC930E6405923C5B7FC34C35B49EC9F4.zip -> Simulation\Uebungen\WindowTasks.exe 	gefunden: Trojan.Win32.Buzus!E2
C:\Users\Kev\AppData\Local\Temp\NERO14766\Toolbar.exe 	gefunden: Adware.Win32.AskTBar!E1
C:\HP\BIN\EndProcess.exe 	gefunden: Riskware.Win32.KillApp!E1

Gescannt	818807
Gefunden	19

Scan Ende:	29.07.2012 02:50:32
Scan Zeit:	7:35:19
         
Had a bluescreen while Emsisoft was running, btw

Regards

29.07.2012, 12:25   #9
t'john
/// Helper team

Very good!

Have the findings deleted, then:

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: Be sure to start the browser as administrator.

Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Kind regards, t'john
Support the TB

29.07.2012, 12:48   #10
PrisMaster

Uhm, I closed Emsisoft in between. How can I delete the findings from the last scan afterwards?

Regards

29.07.2012, 14:08   #11
t'john
/// Helper team

Scan again with quarantine.
__________________
Kind regards, t'john
Support the TB

29.07.2012, 18:00   #12
PrisMaster

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b881cfb33e16c74c8cc490fd4f3a1b11
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-29 04:28:11
# local_time=2012-07-29 06:28:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 158643 80100350 3415 0
# compatibility_mode=5892 16776574 66 100 20461143 181096222 0 0
# compatibility_mode=8192 67108863 100 0 320 320 0 0
# scanned=359421
# found=11
# cleaned=11
# scan_time=15796
C:\Kev\Setup\Setup_FreeFlvConverter.exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\te.comp\training2007\workdir\autorun.inf	INF/Autorun worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Kev\AppData\Local\Temp\FacemoodsReinstal\Facemoods.exe	probably a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Kev\AppData\Local\Temp\NERO14766\Toolbar.exe	Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Kev\Documents\te.comp\training2007\Access\autorun.inf	INF/Autorun worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Kev\Downloads\Facemoods.exe	probably a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Kev\Downloads\installer_beyond_keylogger_3_1_Deutsch.exe	Win32/Toggle application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Kev\Downloads\SoftonicDownloader53624.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Kev\Downloads\SoftonicDownloader_fuer_animake.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Kev\Downloads\SoftonicDownloader_fuer_little-fighter-ii.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07272012_124153\C_ProgramData\quqamxrziscidlk\main.html	HTML/Ransom.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
So, here's the log.
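
A triage pass over an ESET Online Scanner log like the one posted above, as an added example that is not part of the original post or of ESET's tooling: it parses the "# key=value" header and the tab-separated detection lines, separates unwanted applications from malware, and flags hits that exist only inside OTL's MovedFiles folder. The sample paths, the function names and the reading of "application" as unwanted software are assumptions.

```python
import re
from collections import Counter

# Folder where OTL keeps files it has already moved out of the way (path as in the log).
TOOL_BACKUPS = ("C:\\_OTL\\MOVEDFILES\\",)

# Verdict column: optional heuristic prefix, detection name, type, action in brackets.
VERDICT = re.compile(r"^(?P<heur>probably )?(?:a variant of )?(?P<name>\S+) "
                     r"(?P<kind>\w+) \((?P<action>[^)]*)\)$")

def parse_log(text):
    """Split a log into its '# key=value' header and its tab-separated detections."""
    header, hits = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        fields = line.split("\t")
        match = VERDICT.match(fields[1].strip()) if len(fields) >= 2 else None
        if match:  # skips banner lines such as "all ok"
            hits.append({"path": fields[0], "name": match["name"], "kind": match["kind"],
                         "heuristic": bool(match["heur"]),
                         "in_tool_backup": fields[0].upper().startswith(TOOL_BACKUPS)})
    return header, hits

def triage(text):
    """Summarise what still needs attention after the scanner's own cleanup."""
    header, hits = parse_log(text)
    return {
        "count_matches_header": int(header.get("found", -1)) == len(hits),
        "by_kind": Counter(h["kind"] for h in hits),
        # Assumption: "application" marks unwanted software rather than malware.
        "malware_outside_backups": [h["name"] for h in hits
                                    if h["kind"] != "application" and not h["in_tool_backup"]],
        "only_in_tool_backup": [h["name"] for h in hits if h["in_tool_backup"]],
    }

# Constructed sample: detection names from the log above, paths invented.
ACTION = " (cleaned by deleting - quarantined)"
SAMPLE_LOG = "\n".join(["all ok", "# version=7", "# found=4", "# cleaned=4"] + [
    "\t".join([path, verdict + ACTION, "0" * 32, "C"]) for path, verdict in [
        (r"C:\Users\demo\Downloads\converter_setup.exe", "Win32/Toolbar.Widgi application"),
        (r"C:\Users\demo\Documents\course\autorun.inf", "INF/Autorun worm"),
        (r"C:\Users\demo\Downloads\Facemoods.exe", "probably a variant of Win32/SweetIM.A application"),
        (r"C:\_OTL\MovedFiles\01012012_000000\C_ProgramData\example\main.html", "HTML/Ransom.B trojan"),
    ]])

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```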

29.07.2012, 18:16   #13
t'john
/// Helper team

Removing malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, not anywhere else, this is important!
Follow the detailed original guide.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Preparation and important notes

  • Please disable antivirus and antispyware programs, the firewall and any script blocking (Norton) while Combofix is scanning.
  • List of programs to disable.
    If anything is unclear, please ask.


  • ComboFix will reset your screen saver settings.
  • You can change these settings again once our cleanup is finished.
  • If you did not manage to run Combofix, do not do anything else.
  • Let us know and wait for our instructions.


  • Start Combofix.exe with a right-click => Run as administrator and follow the instructions.
  • Do not do anything else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Yes".


  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt appears; Combofix is being prepared for the scan.
  • Please do not click into this Combofix window.
  • That could freeze or hang your system.
  • A backup of your registry is created.
  • The individual stages of the program are now worked through; this can take a while.


  • When ComboFix is finished, it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.


  • Note: For various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default again.



Do not use Combofix on your own. If no matching infection is present, it can cripple the computer and/or cause lasting damage!
__________________
Regards, t'john

04.08.2012, 19:40   #14
PrisMaster

So, sorry, I was tied up for a few days.

I tried twice to run the program (Combofix). The first time it hung, and the second time nothing progressed. During the scan, which according to the program should take no longer than 10 minutes, I let it scan for over an hour, but the window remains unchanged.

Regards

04.08.2012, 20:16   #15
t'john
/// Helper team

Is there a log file?

C:\ComboFix.txt
__________________
Regards, t'john
