Habe mir den Polizei-Virus eingefangen, bitte um Hilfe beim Beseitigen

shadowmh · 16.08.2012, 22:23

Hallo zusammen,

habe mir auch gestern den Polizei-Mist eingefangen und Bitte nun um eure Hilfe.

Habe Malwarebytes durchlaufen lassen:
Hier das Log ( Hoffe ist richtig gepostet)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
testkonto :: MARTIN-PC [Administrator]

Schutz: Aktiviert

16.08.2012 20:55:43
mbam-log-2012-08-16 (20-55-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442159
Laufzeit: 1 Stunde(n), 42 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Martin\CryptLoad\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und hier der OTL-Log:

Code:

ATTFilter

OTL logfile created on: 16.08.2012 23:07:34 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\testkonto\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,54% Memory free
6,73 Gb Paging File | 5,34 Gb Available in Paging File | 79,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,49 Gb Total Space | 84,06 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
Drive D: | 236,27 Gb Total Space | 104,63 Gb Free Space | 44,29% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 673,33 Gb Free Space | 72,28% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: testkonto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.16 18:53:21 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\testkonto\Desktop\OTL.exe
PRC - [2012.08.14 23:00:05 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012.08.08 18:19:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012.07.02 17:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.05.08 21:57:16 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\ipmgui.exe
PRC - [2012.05.08 21:57:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:57:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:57:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.07 22:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.07.27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.04.02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009.04.02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008.11.18 00:53:37 | 000,091,440 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008.09.16 16:26:40 | 016,982,016 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.14 23:00:05 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.04.07 21:54:38 | 000,239,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.11.18 00:53:34 | 000,064,664 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.87-8876480SL\Program\clntutil.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008.05.30 04:38:22 | 000,069,632 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2008.03.17 11:50:00 | 000,069,632 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.14 23:00:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.08 21:57:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:57:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR)
SRV - [2009.04.02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009.04.02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\asusgsb.sys -- (asusgsb)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ancklnxi)
DRV - [2012.08.16 23:07:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.08.16 23:00:09 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\sxppwthn.sys -- (dyccj)
DRV - [2012.07.03 17:27:07 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.07.03 17:27:06 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 21:57:16 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:57:16 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.08 16:50:51 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Martin\AppData\Local\Temp\jfdcd.sys -- (jfdcd)
DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.09.19 00:31:08 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.03 13:12:06 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.11.17 23:08:37 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.11.12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.09.08 05:10:14 | 000,901,120 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.08.06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.09.04 19:08:24 | 000,286,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.08.08 08:03:52 | 000,476,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.08.08 08:03:52 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.03.24 13:20:24 | 000,046,208 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.02.17 18:37:34 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.10.18 23:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006.02.07 21:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.30 16:00:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.26 16:59:56 | 000,000,000 | ---D | M]
 
[2012.08.16 18:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\testkonto\AppData\Roaming\mozilla\Extensions
[2008.11.16 23:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.11.16 23:43:47 | 000,000,000 | ---D | M] (PC-WELT-Edition) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de
[2008.11.16 23:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de\chrome
[2008.11.16 23:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de\components
[2008.11.16 23:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de\defaults
[2008.11.16 23:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de\searchplugins
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.30 15:56:28 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe Reader) - {147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} - C:\Users\Martin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Systems, Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [avgnt] C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\nwprovau.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68216D78-60A8-4267-86B9-3F8E4A4A2E9A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79B34D9E-AE1B-477B-B246-06EDB1A683AD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A372E941-4742-4319-BF50-481C30A071F0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA910583-221D-4B11-A7FC-2E988A5C1D05}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.07.14 11:21:52 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.08.16 23:07:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.16 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\TS3Client
[2012.08.16 18:53:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\testkonto\Desktop\OTL.exe
[2012.08.16 18:52:50 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\Malwarebytes
[2012.08.16 18:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.16 18:52:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.16 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.16 18:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.16 18:49:39 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\testkonto\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.16 18:47:54 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\Avira
[2012.08.16 18:47:17 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Local\Macromedia
[2012.08.16 18:47:17 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\Adobe
[2012.08.16 18:45:11 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\Mozilla
[2012.08.16 18:45:11 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Local\Mozilla
[2012.08.16 18:42:02 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Local\LogMeIn Hamachi
[2012.08.16 18:42:00 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\Real
[2012.08.16 18:41:48 | 000,000,000 | R--D | C] -- C:\Users\testkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.16 18:41:48 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Searches
[2012.08.16 18:41:48 | 000,000,000 | R--D | C] -- C:\Users\testkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.16 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\Identities
[2012.08.16 18:41:33 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Contacts
[2012.08.16 18:41:30 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Local\VirtualStore
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Vorlagen
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\AppData\Local\Verlauf
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\AppData\Local\Temporary Internet Files
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Startmenü
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\SendTo
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Recent
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Netzwerkumgebung
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Lokale Einstellungen
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Documents\Eigene Videos
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Documents\Eigene Musik
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Eigene Dateien
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Documents\Eigene Bilder
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Druckumgebung
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Cookies
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\AppData\Local\Anwendungsdaten
[2012.08.16 18:41:26 | 000,000,000 | -HSD | C] -- C:\Users\testkonto\Anwendungsdaten
[2012.08.16 18:41:25 | 000,000,000 | --SD | C] -- C:\Users\testkonto\AppData\Roaming\Microsoft
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Videos
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Saved Games
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Pictures
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Music
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Links
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Favorites
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Downloads
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Documents
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\Desktop
[2012.08.16 18:41:25 | 000,000,000 | R--D | C] -- C:\Users\testkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.16 18:41:25 | 000,000,000 | -H-D | C] -- C:\Users\testkonto\AppData
[2012.08.16 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Local\Temp
[2012.08.16 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Local\Microsoft
[2012.08.16 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\Media Center Programs
[2012.08.16 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\testkonto\AppData\Roaming\Macromedia
[2012.07.22 17:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.16 23:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.16 23:00:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\sxppwthn.sys
[2012.08.16 23:00:09 | 000,000,130 | ---- | M] () -- C:\Windows\System32\cfkeik
[2012.08.16 23:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.16 22:53:38 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 22:53:38 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 21:01:17 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.16 21:01:17 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.16 21:01:17 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.16 21:01:17 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.16 20:53:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.16 20:53:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.16 20:53:31 | 3486,593,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 18:54:45 | 000,618,227 | ---- | M] () -- C:\Users\testkonto\Desktop\adwcleaner.exe
[2012.08.16 18:53:21 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\testkonto\Desktop\OTL.exe
[2012.08.16 18:52:48 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 18:52:17 | 000,000,711 | ---- | M] () -- C:\Users\testkonto\Desktop\Download - Verknüpfung.lnk
[2012.08.16 18:49:42 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\testkonto\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.16 18:27:12 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.15 18:02:15 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.08.14 23:00:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.14 23:00:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.05 01:31:32 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.07.22 17:29:58 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2012.07.21 15:34:32 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.16 23:00:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\sxppwthn.sys
[2012.08.16 23:00:09 | 000,000,130 | ---- | C] () -- C:\Windows\System32\cfkeik
[2012.08.16 18:54:44 | 000,618,227 | ---- | C] () -- C:\Users\testkonto\Desktop\adwcleaner.exe
[2012.08.16 18:52:48 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 18:52:17 | 000,000,711 | ---- | C] () -- C:\Users\testkonto\Desktop\Download - Verknüpfung.lnk
[2012.08.16 18:41:49 | 000,000,949 | ---- | C] () -- C:\Users\testkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.16 18:41:47 | 000,000,944 | ---- | C] () -- C:\Users\testkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.08.16 18:41:32 | 000,000,915 | ---- | C] () -- C:\Users\testkonto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.08.16 18:40:59 | 3486,593,024 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.15 23:07:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.07.22 17:28:47 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2012.07.21 15:34:32 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.07.03 17:27:07 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.07.03 17:27:06 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.05.29 17:05:47 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\U\80000000.@
[2012.01.02 15:11:23 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012.01.02 15:11:23 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.02.09 17:18:57 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\@
[2011.02.09 17:18:57 | 000,002,048 | -HS- | C] () -- C:\Users\Martin\AppData\Local\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\@
[2010.09.08 20:11:20 | 000,000,346 | ---- | C] () -- C:\Windows\WinInit.Ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Hoffe habe alles richtig gemacht bis jetzt.
Vielen Dank im Voraus.

t'john · 17.08.2012, 02:16

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATKDispLowFilter.sys -- (atkdisplf) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\asusgsb.sys -- (asusgsb) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ancklnxi) 
DRV - [2011.10.08 16:50:51 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Martin\AppData\Local\Temp\jfdcd.sys -- (jfdcd) 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) 
O4 - HKLM..\Run: [NPSStartup] File not found 
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found 
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) 
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ] 
[2012.08.16 18:27:12 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:DFC5A2B2 

[2012.08.16 23:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.16 23:00:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\sxppwthn.sys 
[2012.08.16 23:00:09 | 000,000,130 | ---- | M] () -- C:\Windows\System32\cfkeik 
[2012.08.16 23:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.16 20:53:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.05.29 17:05:47 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\U\80000000.@ 
[2011.02.09 17:18:57 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\@ 
[2011.02.09 17:18:57 | 000,002,048 | -HS- | C] () -- C:\Users\Martin\AppData\Local\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\@ 
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

shadowmh · 17.08.2012, 14:08

Hallo,
Danke erstmal für die schnelle Hilfe.

Hier die Logfiles:

Code:

ATTFilter

All processes killed
========== OTL ==========
Service StarOpen stopped successfully!
Service StarOpen deleted successfully!
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service atkdisplf stopped successfully!
Service atkdisplf deleted successfully!
File system32\drivers\ATKDispLowFilter.sys not found.
Service asusgsb stopped successfully!
Service asusgsb deleted successfully!
File system32\drivers\asusgsb.sys not found.
Error: No service named ancklnxi was found to stop!
Service\Driver key ancklnxi not found.
Service jfdcd stopped successfully!
Service jfdcd deleted successfully!
C:\Users\Martin\AppData\Local\Temp\jfdcd.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3090768339-80412731-1411188237-1001\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3090768339-80412731-1411188237-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\Windows\System32\drivers\sxppwthn.sys not found.
File C:\Windows\System32\cfkeik not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Installer\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\U\80000000.@ moved successfully.
C:\Windows\Installer\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\@ moved successfully.
C:\Users\Martin\AppData\Local\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\testkonto\Desktop\cmd.bat deleted successfully.
C:\Users\testkonto\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]

t'john · 17.08.2012, 14:59

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

shadowmh · 17.08.2012, 19:13

So Rechner läuft wieder. Vielen Dank nochmal.

Hier das Mal-Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.17.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [Administrator]

Schutz: Aktiviert

17.08.2012 18:12:03
mbam-log-2012-08-17 (18-12-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438949
Laufzeit: 1 Stunde(n), 44 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Martin\AppData\Local\{a4bdeb4e-22b2-b2cc-e246-2b930e43eb30}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
H:\Sonstiges\Martin\CryptLoad\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

und der Adw-Log:

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/17/2012 at 20:12:00
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Martin - MARTIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : AskService
Found : AskUpgrade

***** [Files / Folders] *****

Folder Found : C:\Users\Martin\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\testkonto\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\twwqsrh0.default\Conduit
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\twwqsrh0.default\ConduitEngine
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\twwqsrh0.default\CT2653012
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\twwqsrh0.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Folder Found : C:\Program Files\AskBarDis
Folder Found : C:\Program Files\facemoods.com
File Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\twwqsrh0.default\searchplugins\Conduit.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\twwqsrh0.default\prefs.js

Found : user_pref("CT2653012..clientLogIsEnabled", true);
Found : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2653012.AppTrackingLastCheckTime", "Thu May 05 2011 22:18:32 GMT+0200");
Found : user_pref("CT2653012.CTID", "CT2653012");
Found : user_pref("CT2653012.CurrentServerDate", "30-5-2011");
Found : user_pref("CT2653012.DialogsAlignMode", "LTR");
Found : user_pref("CT2653012.DialogsGetterLastCheckTime", "Thu Mar 24 2011 22:29:28 GMT+0100");
Found : user_pref("CT2653012.DownloadReferralCookieData", "");
Found : user_pref("CT2653012.FirstServerDate", "22-3-2011");
Found : user_pref("CT2653012.FirstTime", true);
Found : user_pref("CT2653012.FirstTimeFF3", true);
Found : user_pref("CT2653012.FirstTimeSettingsDone", true);
Found : user_pref("CT2653012.FixPageNotFoundErrors", true);
Found : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2653012.HasUserGlobalKeys", true);
Found : user_pref("CT2653012.Initialize", true);
Found : user_pref("CT2653012.InitializeCommonPrefs", true);
Found : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2653012.InstalledDate", "Tue Mar 22 2011 21:50:47 GMT+0100");
Found : user_pref("CT2653012.InvalidateCache", false);
Found : user_pref("CT2653012.IsGrouping", false);
Found : user_pref("CT2653012.IsMulticommunity", false);
Found : user_pref("CT2653012.IsOpenThankYouPage", true);
Found : user_pref("CT2653012.IsOpenUninstallPage", true);
Found : user_pref("CT2653012.LanguagePackLastCheckTime", "Mon May 30 2011 00:10:34 GMT+0200");
Found : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2653012.LastLogin_2.7.1.3", "Wed Mar 23 2011 22:12:04 GMT+0100");
Found : user_pref("CT2653012.LastLogin_3.3.3.2", "Mon May 30 2011 22:55:08 GMT+0200");
Found : user_pref("CT2653012.LatestVersion", "3.3.3.2");
Found : user_pref("CT2653012.Locale", "en");
Found : user_pref("CT2653012.LoginCache", 4);
Found : user_pref("CT2653012.MCDetectTooltipHeight", "83");
Found : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2653012.MCDetectTooltipWidth", "295");
Found : user_pref("CT2653012.RadioIsPodcast", false);
Found : user_pref("CT2653012.RadioLastCheckTime", "Mon May 30 2011 00:10:38 GMT+0200");
Found : user_pref("CT2653012.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000");
Found : user_pref("CT2653012.RadioMediaID", "21806912");
Found : user_pref("CT2653012.RadioMediaType", "Media Player");
Found : user_pref("CT2653012.RadioMenuSelectedID", "EBRadioMenu_CT265301221806912");
Found : user_pref("CT2653012.RadioStationName", "California%20Rock%20-%20Rock");
Found : user_pref("CT2653012.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Found : user_pref("CT2653012.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2653012.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Found : user_pref("CT2653012.SearchInNewTabEnabled", true);
Found : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Mon May 30 2011 00:10:33 GMT+0200");
Found : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2653012.ServiceMapLastCheckTime", "Mon May 30 2011 00:10:33 GMT+0200");
Found : user_pref("CT2653012.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2653012.SettingsLastCheckTime", "Mon May 30 2011 22:55:05 GMT+0200");
Found : user_pref("CT2653012.SettingsLastUpdate", "1306530423");
Found : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Wed May 25 2011 23:41:28 GMT+0200");
Found : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
Found : user_pref("CT2653012.UserID", "UN33988723701145696");
Found : user_pref("CT2653012.ValidationData_Toolbar", 0);
Found : user_pref("CT2653012.WeatherNetwork", "");
Found : user_pref("CT2653012.WeatherPollDate", "Mon May 30 2011 22:55:10 GMT+0200");
Found : user_pref("CT2653012.WeatherUnit", "C");
Found : user_pref("CT2653012.alertChannelId", "1045667");
Found : user_pref("CT2653012.clientLogIsEnabled", true);
Found : user_pref("CT2653012.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2653012.components.1000234", true);
Found : user_pref("CT2653012.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Found : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Mon May 30 2011 22:55:09 GMT+0200");
Found : user_pref("CT2653012.isAppTrackingManagerOn", true);
Found : user_pref("CT2653012.myStuffEnabled", true);
Found : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2653012.oldAppsList", "129199665576502590,129199665576658841,1000082,129245392054387126[...]
Found : user_pref("CT2653012.testingCtid", "");
Found : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Mon May 30 2011 00:10:34 GMT+0200");
Found : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Thu Mar 24 2011 22:29:28 GMT+0100");
Found : user_pref("CT2653012.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "CT2653012");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "veoh_web_player");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2653012");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "veoh_web_player");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2653012,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 24 2011 22:29:27 GMT+01[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 00:18:47 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 00:03:07 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{a19d6e13-0c82-470e-a8b1-fa16573dc39d}");
Found : user_pref("CommunityToolbar.globalUserId", "3306a405-0c81-49a0-b7de-6c4f6e45a271");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2653012");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun May 01 2011 01:01:28 GMT+0200");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Jun 24 2011 00:03:07 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "03/25/2011 00");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Thu Mar 24 2011 22:29:27 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Jun 24 2011 00:03:07 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Jun 24 2011 00:03:07 GMT+0200");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jun 24 2011 00:03:07 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN72650639486583783");
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Jun 24 2011 00:03:07 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Jun 24 2011 00:03:07 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("browser.search.defaultenginename", "Facemoods Search");
Found : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&Sea[...]
Found : user_pref("browser.search.selectedEngine", "Facemoods Search");
Found : user_pref("extensions.facemoods._xpiupdate", true);
Found : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Found : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.1");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.first_time", false);
Found : user_pref("extensions.facemoods.id", "_#b3377d2b4661483a9ec3b4d235caf921");
Found : user_pref("extensions.facemoods.instlDay", "_#15203");
Found : user_pref("extensions.facemoods.lastActv", "17");
Found : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Found : user_pref("extensions.facemoods.sid", "_#b3377d2b4661483a9ec3b4d235caf921");
Found : user_pref("extensions.facemoods.update", "_#v1.4.0");
Found : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Found : user_pref("extensions.snipit.askTbInstalled", true);
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&q=");

Profile name : default 
File : C:\Users\testkonto\AppData\Roaming\Mozilla\Firefox\Profiles\lh8usqan.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21499 octets] - [17/08/2012 20:12:00]

########## EOF - C:\AdwCleaner[R1].txt - [21628 octets] ##########

t'john · 18.08.2012, 15:12

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

t'john · 29.09.2012, 20:55

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Habe mir den Polizei-Virus eingefangen, bitte um Hilfe beim Beseitigen

Plagegeister aller Art und deren Bekämpfung: Habe mir den Polizei-Virus eingefangen, bitte um Hilfe beim Beseitigen