Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Plagegeister aller Art und deren Bekämpfung: Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 5 1 2 34 Letzte »
Alt 26.07.2011, 14:43   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.07.2011, 14:55   #17
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Ich habe erstmal dieses Malwarebytes gemacht.

Hier das ergebnis dazu:

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7282

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

26.07.2011 15:53:59
mbam-log-2011-07-26 (15-53-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164944
Laufzeit: 2 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\ANTIVIRUS SYSTEM 2011 (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\AntiVirus System 2011\BackgroundScan (Rogue.AntivirusSystem2011) -> Value: BackgroundScan -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Lenni\AppData\Roaming\antivirus system 2011 (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Lenni\AppData\Roaming\microsoft\internet explorer\quick launch\antivirus system 2011.lnk (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\Users\Lenni\AppData\Roaming\antivirus system 2011\icoactivate.ico (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\Users\Lenni\AppData\Roaming\antivirus system 2011\IcoHelp.ico (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\Users\Lenni\AppData\Roaming\antivirus system 2011\icouninstall.ico (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.





Das andere mache ich jetzt und poste es gleich wenn ich fertig bin
__________________
Alt 26.07.2011, 14:59   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!
__________________
__________________
Alt 26.07.2011, 15:05   #19
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


oh ok dann mach ichs natürlich nochmal

Achso soll ich bei otl auch einen normalen scan machen oder quickscan?

Alt 26.07.2011, 15:13   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Bei OTL einfach der Anleitung folgen!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.07.2011, 15:42   #21
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


so erstmal das ergebnis von malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7282

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

26.07.2011 16:41:47
mbam-log-2011-07-26 (16-41-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 320390
Laufzeit: 35 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 26.07.2011, 15:50   #22
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


und hier teil 2 also otl:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.07.2011 16:43:01 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Lenni\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,00% Memory free
7,99 Gb Paging File | 6,29 Gb Available in Paging File | 78,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 63,21 Gb Free Space | 63,21% Space Free | Partition Type: NTFS
Drive D: | 365,66 Gb Total Space | 322,26 Gb Free Space | 88,13% Space Free | Partition Type: NTFS
 
Computer Name: LENNI-PC | User Name: Lenni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.26 15:55:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Lenni\Downloads\OTL.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2009.08.18 18:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.26 15:55:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Lenni\Downloads\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.03 06:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.02.01 13:57:24 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.25 20:39:25 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.01 14:02:24 | 001,393,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.01 13:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.25 17:44:53 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.06.12 23:21:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.29 23:06:48 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2011.03.29 23:06:27 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011.03.29 23:06:27 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.12.23 17:35:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.23 17:35:02 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.23 17:35:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.23 17:35:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.08.06 09:20:42 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.25 20:14:36 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.03 06:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.03.03 06:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 05:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.09.02 10:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.15 19:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.21 09:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008.10.21 09:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 09:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008.10.21 09:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 09:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.10.21 09:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 09:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008.03.07 14:46:30 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.14 08:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.02 10:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.03.31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2007.10.25 17:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA D3 82 04 44 CC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.meinvz.net"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.20 02:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.07.25 18:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.07.25 18:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.07.25 18:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 10:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.31 23:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.20 02:11:50 | 000,000,000 | ---D | M]
 
[2010.03.25 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenni\AppData\Roaming\mozilla\Extensions
[2011.07.16 16:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions
[2011.07.16 16:00:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.23 18:50:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com
[2010.12.30 21:15:42 | 000,000,937 | ---- | M] () -- C:\Users\Lenni\AppData\Roaming\Mozilla\Firefox\Profiles\n5cribg4.default\searchplugins\conduit.xml
[2011.07.25 18:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.17 18:20:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.31 23:45:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.02 09:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.25 17:46:27 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.07.25 17:46:22 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
File not found (No name found) -- 
[2011.07.25 18:12:48 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU
[2011.07.25 18:12:48 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2011.07.25 18:12:48 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
() (No name found) -- C:\USERS\LENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5CRIBG4.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\LENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5CRIBG4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.06.24 10:06:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.02 13:28:18 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.03.22 19:31:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 19:31:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.03.22 19:31:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.26 12:07:19 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.03.22 19:31:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.22 19:31:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.22 19:31:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.27 21:18:04 | 000,200,092 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2011.02.27 21:18:04 | 000,007,316 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{8f2fa382-38ff-11df-8e97-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2fa382-38ff-11df-8e97-705ab6076128}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{90392918-39d3-11df-9c65-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{90392918-39d3-11df-9c65-705ab6076128}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{9039291a-39d3-11df-9c65-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{9039291a-39d3-11df-9c65-705ab6076128}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{a970e368-951e-11e0-a578-8f0baba83401}\Shell - "" = AutoRun
O33 - MountPoints2\{a970e368-951e-11e0-a578-8f0baba83401}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.26 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\Malwarebytes
[2011.07.26 15:48:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.26 15:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.26 15:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.26 15:48:38 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.26 15:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.07.25 17:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.07.25 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.07.25 17:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.07.25 17:44:53 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.07.24 18:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011.07.24 18:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011.07.24 18:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011.07.24 18:35:54 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\Real
[2011.07.24 18:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2011.07.24 18:21:47 | 000,000,000 | ---D | C] -- C:\Mp3 Output
[2011.07.16 16:00:37 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\DVDVideoSoft
[2011.07.09 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Lenni\Documents\LG OSP
[2011.07.09 13:18:13 | 000,000,000 | ---D | C] -- C:\Users\Lenni\Documents\LG PC Suite IV
[2011.07.09 13:18:13 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Local\LG Electronics
[2011.07.09 13:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2011.07.07 18:44:35 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\Lonely Troops
[2011.07.05 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\HuruBeachParty
[2011.07.03 01:02:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.07.03 01:00:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.07.02 03:18:19 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011.07.02 03:18:04 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011.06.30 23:24:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.03.29 22:30:40 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe2E5F.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.26 16:03:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.26 15:48:43 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.26 15:25:55 | 000,423,073 | ---- | M] () -- C:\Users\Lenni\Desktop\kaspersky 2.jpg
[2011.07.26 15:03:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.26 14:34:47 | 000,231,831 | ---- | M] () -- C:\Users\Lenni\Desktop\Kapsersky.jpg
[2011.07.26 14:22:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 14:22:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 14:19:25 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.26 14:19:25 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.26 14:19:25 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.26 14:19:25 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.26 14:19:25 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.26 14:14:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.07.26 14:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.26 14:14:40 | 3219,632,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.26 14:13:55 | 000,000,020 | ---- | M] () -- C:\Users\Lenni\defogger_reenable
[2011.07.25 18:12:29 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.07.25 17:54:24 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.25 17:46:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.07.25 17:44:53 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.07.23 02:13:24 | 000,000,332 | ---- | M] () -- C:\Users\Lenni\Desktop\qr aqua.png
[2011.07.16 16:00:27 | 000,001,348 | ---- | M] () -- C:\Users\Lenni\Desktop\Free YouTube Download 3.lnk
[2011.07.14 04:16:54 | 000,303,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.10 12:45:32 | 000,002,061 | ---- | M] () -- C:\Users\Lenni\.recently-used.xbel
[2011.07.09 13:26:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.07.26 15:48:43 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.26 15:23:36 | 000,423,073 | ---- | C] () -- C:\Users\Lenni\Desktop\kaspersky 2.jpg
[2011.07.26 14:34:47 | 000,231,831 | ---- | C] () -- C:\Users\Lenni\Desktop\Kapsersky.jpg
[2011.07.26 14:13:54 | 000,000,020 | ---- | C] () -- C:\Users\Lenni\defogger_reenable
[2011.07.25 17:46:31 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.07.25 17:46:30 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.07.25 17:46:27 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2011.07.23 02:13:24 | 000,000,332 | ---- | C] () -- C:\Users\Lenni\Desktop\qr aqua.png
[2011.07.16 16:00:27 | 000,001,348 | ---- | C] () -- C:\Users\Lenni\Desktop\Free YouTube Download 3.lnk
[2011.07.10 12:45:32 | 000,002,061 | ---- | C] () -- C:\Users\Lenni\.recently-used.xbel
[2011.07.09 13:26:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2011.07.02 03:19:19 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2011.07.02 03:19:05 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.07.02 03:17:50 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011.07.02 03:17:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011.07.02 03:17:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011.07.02 03:17:18 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011.07.02 03:17:18 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011.03.17 18:21:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2010.09.21 16:53:15 | 000,082,389 | ---- | C] () -- C:\Users\Lenni\AppData\Roaming\mdbu.bin
[2010.04.20 02:07:35 | 000,186,156 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010.04.20 02:07:35 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2010.03.27 21:39:59 | 000,019,456 | ---- | C] () -- C:\Users\Lenni\AppData\Local\WebpageIcons.db
[2010.03.25 19:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.02.23 18:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2011.07.25 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\27348
[2011.07.25 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\4899
[2010.12.31 00:18:12 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\AlderGames
[2011.06.20 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\aliasworlds
[2011.03.22 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\ASCON Installer
[2010.04.02 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Ashampoo
[2010.07.17 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Boomzap
[2010.04.02 02:45:32 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Canneverbe Limited
[2010.03.25 20:18:03 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\DAEMON Tools Lite
[2011.03.26 13:06:01 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\DivoGames
[2011.07.16 16:00:38 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\DVDVideoSoft
[2011.07.16 16:00:31 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.18 12:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\ERS G-Studio
[2011.06.12 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Farm Mania
[2010.08.31 16:01:56 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\freshgames
[2011.06.23 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Green Clover Games
[2011.06.11 20:37:27 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\gtk-2.0
[2010.05.11 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Home Sweet Home
[2011.07.05 15:57:12 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\HuruBeachParty
[2010.07.19 21:25:38 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\ITTNord
[2011.01.14 00:33:46 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\iWin
[2010.12.05 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\JLC's Software
[2010.08.08 23:19:37 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\JuiceMania
[2011.07.07 18:44:35 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Lonely Troops
[2010.04.30 15:31:16 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Meridian93
[2011.01.07 21:54:18 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\NevoSoft Games
[2010.05.12 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\PetShowCraze
[2011.06.23 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Ph03nixNewMedia
[2011.06.24 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\PlayFirst
[2011.06.03 20:22:55 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Rovio
[2011.01.06 16:33:35 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\RTS
[2010.05.20 20:42:21 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Samsung
[2011.06.23 19:31:35 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Stand O'Food 3
[2011.05.13 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Supermarket Mania 2
[2011.05.18 17:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\TFS2
[2011.06.08 13:42:34 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\thejoyoffarming
[2010.03.25 20:39:18 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\TuneUp Software
[2010.07.19 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\UClick
[2010.03.26 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Vodafone
[2011.01.14 00:20:16 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\YoudaGames
[2011.06.13 17:17:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< Malwarebytes' Anti-Malware 1.51.1.1800 >
 
< www.malwarebytes.org >
 
<  >
 
< Datenbank Version: 7282 >
 
<  >
 
< Windows 6.1.7601 Service Pack 1 >
 
< Internet Explorer 9.0.8112.16421 >
 
<  >
 
< 26.07.2011 16:41:47 >
 
< mbam-log-2011-07-26 (16-41-47).txt >
 
<  >
 
< Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) >
 
< Durchsuchte Objekte: 320390 >
 
< Laufzeit: 35 Minute(n), 53 Sekunde(n) >
 
<  >
 
< Infizierte Speicherprozesse: 0 >
 
< Infizierte Speichermodule: 0 >
 
< Infizierte Registrierungsschlüssel: 0 >
 
< Infizierte Registrierungswerte: 0 >
 
< Infizierte Dateiobjekte der Registrierung: 0 >
 
< Infizierte Verzeichnisse: 0 >
 
< Infizierte Dateien: 0 >
 
<  >
 
< Infizierte Speicherprozesse: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Speichermodule: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Registrierungsschlüssel: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Registrierungswerte: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Dateiobjekte der Registrierung: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Verzeichnisse: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Dateien: >
 
< (Keine bösartigen Objekte gefunden) >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:5C826C73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4A1628E5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BDF08FAF

< End of report >
--- --- ---
Alt 26.07.2011, 15:51   #23
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


und hier von otl:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.07.2011 16:43:01 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Lenni\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,00% Memory free
7,99 Gb Paging File | 6,29 Gb Available in Paging File | 78,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 63,21 Gb Free Space | 63,21% Space Free | Partition Type: NTFS
Drive D: | 365,66 Gb Total Space | 322,26 Gb Free Space | 88,13% Space Free | Partition Type: NTFS
 
Computer Name: LENNI-PC | User Name: Lenni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.26 15:55:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Lenni\Downloads\OTL.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2009.08.18 18:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.26 15:55:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Lenni\Downloads\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.03 06:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.02.01 13:57:24 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.25 20:39:25 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.01 14:02:24 | 001,393,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.01 13:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.25 17:44:53 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.06.12 23:21:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.29 23:06:48 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2011.03.29 23:06:27 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011.03.29 23:06:27 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.12.23 17:35:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.23 17:35:02 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.23 17:35:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.23 17:35:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.08.06 09:20:42 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.25 20:14:36 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.03 06:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.03.03 06:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 05:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.09.02 10:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.15 19:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.21 09:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008.10.21 09:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 09:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008.10.21 09:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 09:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.10.21 09:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 09:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008.03.07 14:46:30 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.14 08:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.02 10:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.03.31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2007.10.25 17:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA D3 82 04 44 CC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.meinvz.net"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.20 02:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.07.25 18:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.07.25 18:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.07.25 18:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 10:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.31 23:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.20 02:11:50 | 000,000,000 | ---D | M]
 
[2010.03.25 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenni\AppData\Roaming\mozilla\Extensions
[2011.07.16 16:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions
[2011.07.16 16:00:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.23 18:50:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com
[2010.12.30 21:15:42 | 000,000,937 | ---- | M] () -- C:\Users\Lenni\AppData\Roaming\Mozilla\Firefox\Profiles\n5cribg4.default\searchplugins\conduit.xml
[2011.07.25 18:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.17 18:20:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.31 23:45:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.02 09:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.25 17:46:27 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.07.25 17:46:22 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
File not found (No name found) -- 
[2011.07.25 18:12:48 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU
[2011.07.25 18:12:48 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2011.07.25 18:12:48 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
() (No name found) -- C:\USERS\LENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5CRIBG4.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\LENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5CRIBG4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.06.24 10:06:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.02 13:28:18 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.03.22 19:31:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 19:31:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.03.22 19:31:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.26 12:07:19 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.03.22 19:31:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.22 19:31:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.22 19:31:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.27 21:18:04 | 000,200,092 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2011.02.27 21:18:04 | 000,007,316 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{8f2fa382-38ff-11df-8e97-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2fa382-38ff-11df-8e97-705ab6076128}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{90392918-39d3-11df-9c65-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{90392918-39d3-11df-9c65-705ab6076128}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{9039291a-39d3-11df-9c65-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{9039291a-39d3-11df-9c65-705ab6076128}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{a970e368-951e-11e0-a578-8f0baba83401}\Shell - "" = AutoRun
O33 - MountPoints2\{a970e368-951e-11e0-a578-8f0baba83401}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.26 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\Malwarebytes
[2011.07.26 15:48:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.26 15:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.26 15:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.26 15:48:38 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.26 15:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.07.25 17:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.07.25 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.07.25 17:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.07.25 17:44:53 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.07.24 18:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011.07.24 18:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011.07.24 18:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011.07.24 18:35:54 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\Real
[2011.07.24 18:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2011.07.24 18:21:47 | 000,000,000 | ---D | C] -- C:\Mp3 Output
[2011.07.16 16:00:37 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\DVDVideoSoft
[2011.07.09 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Lenni\Documents\LG OSP
[2011.07.09 13:18:13 | 000,000,000 | ---D | C] -- C:\Users\Lenni\Documents\LG PC Suite IV
[2011.07.09 13:18:13 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Local\LG Electronics
[2011.07.09 13:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2011.07.07 18:44:35 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\Lonely Troops
[2011.07.05 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\Lenni\AppData\Roaming\HuruBeachParty
[2011.07.03 01:02:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.07.03 01:00:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.07.02 03:18:19 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011.07.02 03:18:04 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011.06.30 23:24:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.03.29 22:30:40 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe2E5F.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.26 16:03:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.26 15:48:43 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.26 15:25:55 | 000,423,073 | ---- | M] () -- C:\Users\Lenni\Desktop\kaspersky 2.jpg
[2011.07.26 15:03:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.26 14:34:47 | 000,231,831 | ---- | M] () -- C:\Users\Lenni\Desktop\Kapsersky.jpg
[2011.07.26 14:22:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 14:22:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 14:19:25 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.26 14:19:25 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.26 14:19:25 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.26 14:19:25 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.26 14:19:25 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.26 14:14:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.07.26 14:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.26 14:14:40 | 3219,632,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.26 14:13:55 | 000,000,020 | ---- | M] () -- C:\Users\Lenni\defogger_reenable
[2011.07.25 18:12:29 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.07.25 17:54:24 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.25 17:46:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.07.25 17:44:53 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.07.23 02:13:24 | 000,000,332 | ---- | M] () -- C:\Users\Lenni\Desktop\qr aqua.png
[2011.07.16 16:00:27 | 000,001,348 | ---- | M] () -- C:\Users\Lenni\Desktop\Free YouTube Download 3.lnk
[2011.07.14 04:16:54 | 000,303,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.10 12:45:32 | 000,002,061 | ---- | M] () -- C:\Users\Lenni\.recently-used.xbel
[2011.07.09 13:26:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.07.26 15:48:43 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.26 15:23:36 | 000,423,073 | ---- | C] () -- C:\Users\Lenni\Desktop\kaspersky 2.jpg
[2011.07.26 14:34:47 | 000,231,831 | ---- | C] () -- C:\Users\Lenni\Desktop\Kapsersky.jpg
[2011.07.26 14:13:54 | 000,000,020 | ---- | C] () -- C:\Users\Lenni\defogger_reenable
[2011.07.25 17:46:31 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.07.25 17:46:30 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.07.25 17:46:27 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2011.07.23 02:13:24 | 000,000,332 | ---- | C] () -- C:\Users\Lenni\Desktop\qr aqua.png
[2011.07.16 16:00:27 | 000,001,348 | ---- | C] () -- C:\Users\Lenni\Desktop\Free YouTube Download 3.lnk
[2011.07.10 12:45:32 | 000,002,061 | ---- | C] () -- C:\Users\Lenni\.recently-used.xbel
[2011.07.09 13:26:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2011.07.02 03:19:19 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2011.07.02 03:19:05 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.07.02 03:17:50 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011.07.02 03:17:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011.07.02 03:17:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011.07.02 03:17:18 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011.07.02 03:17:18 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011.03.17 18:21:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2010.09.21 16:53:15 | 000,082,389 | ---- | C] () -- C:\Users\Lenni\AppData\Roaming\mdbu.bin
[2010.04.20 02:07:35 | 000,186,156 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010.04.20 02:07:35 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2010.03.27 21:39:59 | 000,019,456 | ---- | C] () -- C:\Users\Lenni\AppData\Local\WebpageIcons.db
[2010.03.25 19:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.02.23 18:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2011.07.25 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\27348
[2011.07.25 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\4899
[2010.12.31 00:18:12 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\AlderGames
[2011.06.20 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\aliasworlds
[2011.03.22 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\ASCON Installer
[2010.04.02 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Ashampoo
[2010.07.17 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Boomzap
[2010.04.02 02:45:32 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Canneverbe Limited
[2010.03.25 20:18:03 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\DAEMON Tools Lite
[2011.03.26 13:06:01 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\DivoGames
[2011.07.16 16:00:38 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\DVDVideoSoft
[2011.07.16 16:00:31 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.18 12:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\ERS G-Studio
[2011.06.12 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Farm Mania
[2010.08.31 16:01:56 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\freshgames
[2011.06.23 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Green Clover Games
[2011.06.11 20:37:27 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\gtk-2.0
[2010.05.11 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Home Sweet Home
[2011.07.05 15:57:12 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\HuruBeachParty
[2010.07.19 21:25:38 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\ITTNord
[2011.01.14 00:33:46 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\iWin
[2010.12.05 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\JLC's Software
[2010.08.08 23:19:37 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\JuiceMania
[2011.07.07 18:44:35 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Lonely Troops
[2010.04.30 15:31:16 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Meridian93
[2011.01.07 21:54:18 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\NevoSoft Games
[2010.05.12 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\PetShowCraze
[2011.06.23 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Ph03nixNewMedia
[2011.06.24 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\PlayFirst
[2011.06.03 20:22:55 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Rovio
[2011.01.06 16:33:35 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\RTS
[2010.05.20 20:42:21 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Samsung
[2011.06.23 19:31:35 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Stand O'Food 3
[2011.05.13 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Supermarket Mania 2
[2011.05.18 17:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\TFS2
[2011.06.08 13:42:34 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\thejoyoffarming
[2010.03.25 20:39:18 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\TuneUp Software
[2010.07.19 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\UClick
[2010.03.26 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\Vodafone
[2011.01.14 00:20:16 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\YoudaGames
[2011.06.13 17:17:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< Malwarebytes' Anti-Malware 1.51.1.1800 >
 
< Malwarebytes : Free anti-malware, anti-virus and spyware removal download >
 
<  >
 
< Datenbank Version: 7282 >
 
<  >
 
< Windows 6.1.7601 Service Pack 1 >
 
< Internet Explorer 9.0.8112.16421 >
 
<  >
 
< 26.07.2011 16:41:47 >
 
< mbam-log-2011-07-26 (16-41-47).txt >
 
<  >
 
< Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) >
 
< Durchsuchte Objekte: 320390 >
 
< Laufzeit: 35 Minute(n), 53 Sekunde(n) >
 
<  >
 
< Infizierte Speicherprozesse: 0 >
 
< Infizierte Speichermodule: 0 >
 
< Infizierte Registrierungsschlüssel: 0 >
 
< Infizierte Registrierungswerte: 0 >
 
< Infizierte Dateiobjekte der Registrierung: 0 >
 
< Infizierte Verzeichnisse: 0 >
 
< Infizierte Dateien: 0 >
 
<  >
 
< Infizierte Speicherprozesse: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Speichermodule: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Registrierungsschlüssel: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Registrierungswerte: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Dateiobjekte der Registrierung: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Verzeichnisse: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Dateien: >
 
< (Keine bösartigen Objekte gefunden) >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:5C826C73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4A1628E5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BDF08FAF

< End of report >
--- --- ---
Alt 26.07.2011, 15:59   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2011.03.23 18:50:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com
[2010.12.30 21:15:42 | 000,000,937 | ---- | M] () -- C:\Users\Lenni\AppData\Roaming\Mozilla\Firefox\Profiles\n5cribg4.default\searchplugins\conduit.xml
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O22:64bit: - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.27 21:18:04 | 000,200,092 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2011.02.27 21:18:04 | 000,007,316 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{8f2fa382-38ff-11df-8e97-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2fa382-38ff-11df-8e97-705ab6076128}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{90392918-39d3-11df-9c65-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{90392918-39d3-11df-9c65-705ab6076128}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{9039291a-39d3-11df-9c65-705ab6076128}\Shell - "" = AutoRun
O33 - MountPoints2\{9039291a-39d3-11df-9c65-705ab6076128}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{a970e368-951e-11e0-a578-8f0baba83401}\Shell - "" = AutoRun
O33 - MountPoints2\{a970e368-951e-11e0-a578-8f0baba83401}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
[2011.07.25 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\27348
[2011.07.25 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\Lenni\AppData\Roaming\4899
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:5C826C73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4A1628E5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BDF08FAF
:Files
C:\Program Files (x86)\facemoods.com
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.07.2011, 16:02   #25
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


wie deaktiviere ich den meinen virenscanner?

Einfach mit rechtsklick auf beenden oder muss ich da direkt rein und irgendeine einstellung vornehmen?

Alt 26.07.2011, 16:05   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Echzeitschutz beenden...
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.07.2011, 16:09   #27
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Siehe nächster Beitrag
Geändert von Lennika (26.07.2011 um 16:17 Uhr)

Alt 26.07.2011, 16:16   #28
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Bigpoint Games DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Lenni\AppData\Roaming\mozilla\Firefox\Profiles\n5cribg4.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Lenni\AppData\Roaming\Mozilla\Firefox\Profiles\n5cribg4.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTO.pat moved successfully.
D:\AUTO.pst moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f2fa363-38ff-11df-8e97-806e6f6e6963}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f2fa382-38ff-11df-8e97-705ab6076128}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f2fa382-38ff-11df-8e97-705ab6076128}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f2fa382-38ff-11df-8e97-705ab6076128}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f2fa382-38ff-11df-8e97-705ab6076128}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90392918-39d3-11df-9c65-705ab6076128}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90392918-39d3-11df-9c65-705ab6076128}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90392918-39d3-11df-9c65-705ab6076128}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90392918-39d3-11df-9c65-705ab6076128}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9039291a-39d3-11df-9c65-705ab6076128}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9039291a-39d3-11df-9c65-705ab6076128}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9039291a-39d3-11df-9c65-705ab6076128}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9039291a-39d3-11df-9c65-705ab6076128}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a970e368-951e-11e0-a578-8f0baba83401}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a970e368-951e-11e0-a578-8f0baba83401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a970e368-951e-11e0-a578-8f0baba83401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a970e368-951e-11e0-a578-8f0baba83401}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup.exe not found.
C:\Users\Lenni\AppData\Roaming\27348 folder moved successfully.
C:\Users\Lenni\AppData\Roaming\4899 folder moved successfully.
ADS C:\ProgramData\TEMP:5C826C73 deleted successfully.
ADS C:\ProgramData\TEMP:4A1628E5 deleted successfully.
ADS C:\ProgramData\TEMP:BDF08FAF deleted successfully.
========== FILES ==========
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5 folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods folder moved successfully.
C:\Program Files (x86)\facemoods.com folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07262011_171514

Alt 26.07.2011, 16:18   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


Echtzeitschutz beenden ist doch sinngemäß Schutz anhalten
Diese Testversion ist eh brotlos, die kannst du nach dem OTL-Fix deinstallieren
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.07.2011, 16:19   #30
Lennika
 
Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Standard

Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


äh wars das jetzt quasi?

lappi wieder clean oder wie?

Ich finds gerade ziemlich interessant.

Was genau habe ich denn jetzt gemacht mit diesem fix?

Antwort
Seite 2 von 5 1 2 34 Letzte »

Themen zu Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss
abgesicherte, abgesicherten, absolut, ahnung, bekannte, bundespolizei trojaner, bundespolizei virus, durchführen, erklärt, heute, kaspersky, konnte, modus, punkt, quasi, rechner, runtergeladen, schritt, systemwiderherstellung, testversion, troja, trojaner, untersuchung, version, virus, vollständige, vorgehen, zugreife


« Verdacht auf Adobe Reader X Malware | Bundespolizei-Virus: Sicherung der Daten (Vista) »


Ähnliche Themen: Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss


  1. Neuer Postbank Trojaner. Wie muss ich vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 14.11.2014 (31)
  2. Virus eingefangen - keine Ahnung wo!
    Log-Analyse und Auswertung - 29.08.2013 (21)
  3. Trojaner Bundespolizei, wie muss ich vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 23.06.2013 (19)
  4. Virus VBS / HEUR VIRUS ! Keine Ahnung was das macht xD
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (5)
  5. Bundespolizei Virus entfernen, was muss ich tun. Vielen Dank!
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (7)
  6. Bundespolizei - infizierte Dateien gelöscht und jetzt keine Anmeldung mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 16.05.2012 (18)
  7. Nach BKA/Bundespolizei Virus : keine Taskleiste & keine Icons !!
    Plagegeister aller Art und deren Bekämpfung - 08.11.2011 (4)
  8. TR/Dropper.gen und TR/Llak.kjk, und keine Ahnung was man machen muss
    Plagegeister aller Art und deren Bekämpfung - 02.11.2010 (4)
  9. Hab ein Virus glaub aber keine ahnung was für einen
    Plagegeister aller Art und deren Bekämpfung - 18.01.2010 (1)
  10. Virus, Malware, Trojaner und keine Ahnung von Computern.
    Plagegeister aller Art und deren Bekämpfung - 06.01.2010 (41)
  11. Irgendein Virus-- ich hab keine ahnung davon!
    Log-Analyse und Auswertung - 28.12.2009 (1)
  12. Comodo zeigt Virus an, keine Ahnung was ich machen soll (A0004179.exe)
    Plagegeister aller Art und deren Bekämpfung - 27.09.2009 (1)
  13. Virus bitte hilfe hab keine ahnung
    Plagegeister aller Art und deren Bekämpfung - 05.09.2009 (2)
  14. Virus / Trojaner-Befall -> keine Ahnung wie zu lösen
    Log-Analyse und Auswertung - 26.02.2009 (1)
  15. keine Ahnung von PCs und Virus drauf:(
    Log-Analyse und Auswertung - 20.01.2009 (13)
  16. Habe einen Trojaner/Virus und keine Ahnung von soetwas :( Läst sich nicht entfernen
    Log-Analyse und Auswertung - 22.10.2007 (2)
  17. Escan Auswertung durch find.bat - und jetzt? Was muss ich jetzt machen???
    Log-Analyse und Auswertung - 06.02.2006 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss - Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, - Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss...
Archiv
Du betrachtest: Bundespolizei Virus und keine Ahnung wie ich jetzt vorgehen muss auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55