bundespolizei virus
Hallo
Ich bins noch mal wieder jetzt aber hat den virus meine mutter erwischt aber nicht den gvu sondern den bundespolizei virus mit diesen ukrash oder wie jetzt der heist
(Würde es eigentlich auch gehen den computer neu zu installiren ? oder solltet man lieber die schritte mit otl u.s.w. machen ?)
hier den otl.txt und extras : Code:
OTL logfile created on: 05.09.2012 16:48:04 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\lini\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,94% Memory free
4,00 Gb Paging File | 3,37 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 52,35 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
Computer Name: LINI-PC | User Name: lini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\lini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Bandoo Coordinator) -- C:\Programme\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (X6XSEx) -- C:\Programme\Free Ride Games\X6XSEx.sys (Exent Technologies Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 83 DE BB D9 B1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9205C1C7-1C65-4C3A-BF0C-03A26FA982B7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9205C1C7-1C65-4C3A-BF0C-03A26FA982B7}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=wbst&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: fblayouts@hotlayouts2u.com:3.2.0
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\lini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\lini\AppData\Roaming\Mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffox@bandoo.com [2012.01.26 22:27:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.06.27 21:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\Extensions
[2012.07.25 09:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions
[2011.12.31 20:23:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.26 22:27:53 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffox@bandoo.com
[2012.03.05 23:00:08 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffxtlbr@funmoods.com
[2012.02.20 18:40:35 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\DivXWebPlayer@divx.com.xpi
[2011.12.17 13:23:14 | 000,010,560 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\fblayouts@hotlayouts2u.com.xpi
[2011.12.21 17:11:00 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\personas@christopher.beard.xpi
[2012.07.25 09:26:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.13 20:19:17 | 000,002,045 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\benefind.xml
[2012.03.05 22:59:28 | 000,001,798 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\funmoods.xml
[2012.01.26 22:29:10 | 000,002,519 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\Search_Results.xml
[2012.06.27 21:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.29 20:41:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 13:08:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:41:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 13:08:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 13:08:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.26 22:29:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.19 13:08:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 13:08:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=wbst
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=wbst
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lini\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\lini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Bandoo = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: Funmoods = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
CHR - Extension: Funmoods = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
CHR - Extension: Fieldrunners = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak\1.0.0.5_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (Social Extras Plugin) - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Programme\SocialExtras\socialx.dll (FBSkins.com)
O3 - HKLM\..\Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [Facebook Update] C:\Users\lini\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [fectgmtutyhgsam] C:\ProgramData\fectgmtu.exe (Novatech)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BDDA0CA-AA8A-43F3-9C29-1BE71F3D290C}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1dffbd87-2ef2-11e1-a3ea-0016d32dba2e}\Shell - "" = AutoRun
O33 - MountPoints2\{1dffbd87-2ef2-11e1-a3ea-0016d32dba2e}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{43e7a0ba-ae44-11e1-85ef-0016d32dba2e}\Shell - "" = AutoRun
O33 - MountPoints2\{43e7a0ba-ae44-11e1-85ef-0016d32dba2e}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.05 16:44:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.05 16:44:59 | 000,000,000 | ---D | C] -- C:\Users\lini\AppData\Roaming\Malwarebytes
[2012.09.05 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.05 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.05 16:44:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 16:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.05 16:41:01 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\lini\Desktop\OTL.exe
[2012.09.05 16:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\arcbujbatfmzlyz
[2012.09.05 16:29:26 | 000,146,432 | ---- | C] (Novatech) -- C:\ProgramData\fectgmtu.exe
[2012.09.03 08:06:32 | 000,000,000 | ---D | C] -- C:\Users\lini\AppData\Roaming\PhotoScape
[2012.09.03 08:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.09.03 08:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2012.09.01 14:34:01 | 000,000,000 | ---D | C] -- C:\Users\lini\Desktop\Gotye-Making_Mirrors-2011-OZM - Kopie
[2012.08.19 14:28:09 | 000,000,000 | ---D | C] -- C:\Users\lini\Desktop\Neuer Ordner
[2012.08.17 12:56:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.16 13:29:01 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.08.16 13:29:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 13:29:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 13:29:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 13:28:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 13:28:58 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 13:28:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
========== Files - Modified Within 30 Days ==========
[2012.09.05 16:45:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.05 16:44:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.05 16:42:31 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.05 16:42:31 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.05 16:42:31 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.05 16:42:31 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 16:41:03 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\lini\Desktop\OTL.exe
[2012.09.05 16:37:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 16:37:57 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 16:29:27 | 000,076,346 | ---- | M] () -- C:\ProgramData\fjashyznlwteutv
[2012.09.05 16:28:54 | 000,146,432 | ---- | M] (Novatech) -- C:\ProgramData\fectgmtu.exe
[2012.09.05 16:09:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 15:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 13:52:16 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2337877463-2995840925-1545946237-1001UA.job
[2012.09.05 10:52:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2337877463-2995840925-1545946237-1001Core.job
[2012.09.05 10:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 10:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 10:33:40 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.03 08:15:07 | 000,003,072 | -H-- | M] () -- C:\Users\lini\Desktop\photothumb.db
[2012.09.03 08:06:26 | 000,000,993 | ---- | M] () -- C:\Users\lini\Desktop\PhotoScape.lnk
[2012.08.30 10:14:01 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.15 20:42:05 | 000,003,754 | ---- | M] () -- C:\Users\lini\Desktop\Unbenannt 1.odt
[2012.08.15 13:53:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 13:53:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2012.09.05 16:44:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.05 16:28:54 | 000,076,346 | ---- | C] () -- C:\ProgramData\fjashyznlwteutv
[2012.09.03 08:15:07 | 000,003,072 | -H-- | C] () -- C:\Users\lini\Desktop\photothumb.db
[2012.09.03 08:06:26 | 000,000,993 | ---- | C] () -- C:\Users\lini\Desktop\PhotoScape.lnk
[2012.08.30 10:13:31 | 000,292,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.12 13:56:32 | 000,000,036 | ---- | C] () -- C:\Users\lini\AppData\Local\housecall.guid.cache
[2012.01.01 21:30:29 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.04 15:56:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.12.04 15:55:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.03 19:21:08 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
< End of report >
und extras : Code:
OTL Extras logfile created on: 05.09.2012 16:48:04 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\lini\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,94% Memory free
4,00 Gb Paging File | 3,37 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 52,35 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
Computer Name: LINI-PC | User Name: lini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091BFF09-DAC7-4445-B781-81A8F6871EF5}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D849BD3-EC90-4E2D-989B-93A911CD4F72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18549716-986A-455A-BC0B-0CDAE13937BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22142436-8F50-4DFB-A257-A13CC68A5E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3108F826-7FE5-4D10-98A2-CE63BCCE85CB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{461BAC66-A9DC-4093-92B9-B30FCC3E7B9A}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D274EF5-35D9-4D55-84FA-BAA1FE2A9194}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BF209B6-9A76-44D6-ACC8-FF327A5ED6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D066805-C356-4AC0-BFBE-B3C4FCB155C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FBB588C-A652-4455-B146-A857F7B49095}" = lport=10243 | protocol=6 | dir=in | app=system |
"{74809A4F-A74D-4343-8995-85B45AAB316F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74A26A7D-60CC-4B16-B155-383BD304FD35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87D36963-90FD-4980-B817-D207DA9FE581}" = rport=445 | protocol=6 | dir=out | app=system |
"{95C888E2-5442-450D-9856-29A313FADD1F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97D6B3D9-21D4-4126-AF26-797610E6D8D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A85244FF-3AA3-47A2-BF32-F2005EA6505E}" = rport=139 | protocol=6 | dir=out | app=system |
"{B515091D-81D6-4638-9D31-19B7C6296949}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D11FA9C6-3463-4F65-9FFC-C9E45362EC3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D706F7F1-6A10-47B8-8E6A-4B30B9328F28}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE25FBA9-FDAF-46F5-ABBB-B6BF1A37263B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E6F18CEF-945E-4A00-A935-6E8D3FEB9D46}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2786091-A885-48A3-AD7E-26563E72D54A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F799B905-E265-46BD-96A8-E1160821753B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056A0934-80D3-4FDF-9361-E1072F163AF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{130586D6-338C-4A3F-8A6C-34D7644450E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19C9F701-4021-4509-A549-164B836A96F7}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{21442CD9-E368-4B8B-BD6C-012782375F75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28D0381C-47D0-4BFA-B055-82BF67F66E51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A5547D8-255D-4CC5-AB57-B6F63B06F1D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{475419C7-A457-4528-80C8-AFC0A44FD039}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{559D97AF-21AA-4D1C-92E5-2DFA38C3D22D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{578CBCD8-DC07-40B5-85BA-D560F0D4128E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FFA4A73-9B81-4788-B7FF-22D774632C6B}" = dir=in | app=c:\users\lini\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{77D830F4-F307-4620-B171-903F3E901BD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86D1C9D3-AF1A-4566-B3E6-1057DC3BB38C}" = protocol=6 | dir=out | app=system |
"{8EBA6881-B45E-469E-89D4-5B089945C608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AEEC2EA8-DD21-4F88-8706-E12D203CB30B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B052E846-D20E-480E-818A-994279E8B436}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBE7C8AD-4E47-4FCE-AF8F-647FF3D07BFA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1050445-CF6E-4CB7-9492-0138A3FEBB7C}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{F460844D-D9B3-47D7-AD96-EE1018B978E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F66F46D0-1FA8-4C1D-B50F-738BC4657C6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{C2938C94-239C-4156-B245-C5406A4F3E93}" = ThinkVantage Fingerprint Software
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Bandoo" = Bandoo
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"iLivid" = iLivid
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = Anzeige am Bildschirm
"PhotoScape" = PhotoScape
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2012 06:24:09 | Computer Name = lini-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 23.08.2012 06:24:09 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 24.08.2012 08:31:31 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset:
0x106f48a0 ID des fehlerhaften Prozesses: 0x15e4 Startzeit der fehlerhaften Anwendung:
0x01cd81f1d39f0f8f Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a18a9f6f-ede7-11e1-ba53-0016d32dba2e
Error - 24.08.2012 14:38:07 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset:
0x06c4b960 ID des fehlerhaften Prozesses: 0x9b8 Startzeit der fehlerhaften Anwendung:
0x01cd8226ac3fcc30 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: d83de71c-ee1a-11e1-ba53-0016d32dba2e
Error - 24.08.2012 14:43:31 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset:
0x003159e3 ID des fehlerhaften Prozesses: 0x16e0 Startzeit der fehlerhaften Anwendung:
0x01cd82279e885f2f Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
995dd576-ee1b-11e1-ba53-0016d32dba2e
Error - 03.09.2012 15:18:32 | Computer Name = lini-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 534 Startzeit:
01cd8998ce9af780 Endzeit: 304 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
2174a0c4-f5fc-11e1-bf48-0016d32dba2e
[ System Events ]
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.05.2012 11:20:13 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 12.05.2012 06:50:41 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 25.05.2012 10:59:24 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 25.05.2012 10:59:26 | Computer Name = lini-PC | Source = DCOM | ID = 10010
Description =
Error - 30.05.2012 18:25:09 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 02.06.2012 22:30:42 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%1115
< End of report >
malwarebytes txt: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.09.05.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
lini :: LINI-PC [Administrator]
05.09.2012 17:04:30
mbam-log-2012-09-05 (17-04-30).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252622
Laufzeit: 35 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fectgmtutyhgsam (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\fectgmtu.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\ProgramData\fectgmtu.exe (Trojan.Phex.THAGen9) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\lini\AppData\Local\Temp\gwey362.exe (Trojan.Phex.THAGen9) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\lini\Downloads\Setup.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
|
