Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Und das ausgerechnet jetzt: Live Security Platinum Virus

Und das ausgerechnet jetzt: Live Security Platinum Virus


Log-Analyse und Auswertung: Und das ausgerechnet jetzt: Live Security Platinum Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 27.08.2012, 11:34   #1
m00nwalker
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus


Liebe Profis,
zunächst einmal vielen vielen Dank für die Möglichkeit hilfe über Euch zu bekommen, gerade im Moment ist das kaum mit Geld zu bezahlen...!

Seit heute morgen hab ich mir auch das o.g. Virus auf dem Netbook eingefangen, und mich seit dem nonstop bei Euch durchs Forum gelesen. Zu allem Überfluss bin ich auch noch Anfänger, so dass die Einfachsten Sachverhalte manchmal echt eine Herausforderung sein können. Ich versuche mein Unwissen mit sorgfältigem lesen etwas zu kompensieren, bitte aber vorsorglich um etwas Geduld mit mir, falls mir was durchgehen sollte.
Was ich bisher nach bestem Wissen und Gewissen getan habe:
- bei Euch gelesen
- Rechner im abgesicherten Mod wieder internetfähig bekommen
- Malwarebytes nach Anleitung installiert und aktualisiert sowie ausführlichen Suchlauf gemacht.
-die markierten gefundenen Einträge über das "Entfernen" Feld entfernt
-Neustart erneut im abgesicherten Mod., dann OTL drüber laufen lassen
-die 3 LOG Files hänge ich an.

Damit ersuche ich im Rahmen Eurer Möglichkeiten um möglichst baldige Unterstützung, denn der Zeitpunkt des Befallsist, ganz nach Merphys Law, quasi perfekt wenn man jemandem so richtig Ärger machen will, brauch ich den Rechner dor grade derzeit dringend für die Uni...
Was soll ich jetzt tun?

Vielen herzlichen Dank nochmals, und falls einer der Profis Grund zu einem "alles wird gut" Trost sehen sollte, und den aussprechen mag, wäre gerade ein verdammt guter Zeitpunkt ;-)

Viele Grüße

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.26.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
admin :: NETBOOK [Administrator]

Schutz: Deaktiviert

27.08.2012 09:40:59
mbam-log-2012-08-27 (09-40-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388001
Laufzeit: 1 Stunde(n), 11 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ilapyb (Trojan.Phex.THAGen6) -> Daten: C:\Users\admin\AppData\Roaming\Dutuom\vyvaa.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|036DFF8A0062C46902BFEFD2F875EF7E (Trojan.FakeMS) -> Daten: C:\ProgramData\036DFF8A0062C46902BFEFD2F875EF7E\036DFF8A0062C46902BFEFD2F875EF7E.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 11
C:\Users\admin\Downloads\DownloadAcceleratorSetup (1).exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\admin\Downloads\DownloadAcceleratorSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\admin\AppData\Roaming\Dutuom\vyvaa.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\036DFF8A0062C46902BFEFD2F875EF7E\036DFF8A0062C46902BFEFD2F875EF7E.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$e8656e7e2ce6824a3fdde67719f8ecf3\n (RootKit.0Access) -> Löschen bei Neustart.
C:\$Recycle.Bin\S-1-5-18\$e8656e7e2ce6824a3fdde67719f8ecf3\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-3782814548-3956509960-1778464787-1005\$e8656e7e2ce6824a3fdde67719f8ecf3\n (RootKit.0Access) -> Löschen bei Neustart.
C:\Users\admin\AppData\Local\Temp\~!#2505.tmp (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\admin\AppData\Local\Temp\~!#68FA.tmp (Trojan.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\admin\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL Scan:
Code:
ATTFilter
OTL Extras logfile created on: 27.08.2012 11:03:48 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\admin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,61% Memory free
3,98 Gb Paging File | 2,98 Gb Available in Paging File | 74,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 41,74 Gb Free Space | 41,74% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 117,66 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05ED854B-D355-4043-87A5-AF549041A9C4}" = PPTLaunch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5A01B14-66D0-4861-AF04-12DE0BAAC0A0}" = syncables desktop DE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Eee Docking_is1" = Eee Docking 3.8.1
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"ScreenSaverPatch_is1" = ScreenSaverPatch
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.07.2012 03:11:24 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\trend
 micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\WSCHandler.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.07.2012 03:11:24 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\trend
 micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\WSCTool.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.07.2012 15:40:47 | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 25.07.2012 18:14:52 | Computer Name = Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: Flash32_11_3_300_257.ocx, 
Version: 11.3.300.257, Zeitstempel: 0x4fc82006  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001cf8d9  ID des fehlerhaften Prozesses: 0x41ec  Startzeit der fehlerhaften Anwendung:
 0x01cd69679b02467c  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: C:\windows\system32\Macromed\Flash\Flash32_11_3_300_257.ocx
Berichtskennung:
 27e313b6-d6a6-11e1-86ed-74f06dbf6fe2
 
Error - 26.07.2012 14:22:42 | Computer Name = Netbook | Source = RasClient | ID = 20227
Description = 
 
Error - 26.07.2012 14:26:06 | Computer Name = Netbook | Source = RasClient | ID = 20227
Description = 
 
Error - 27.07.2012 03:46:21 | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 27.07.2012 16:29:08 | Computer Name = Netbook | Source = RasClient | ID = 20227
Description = 
 
Error - 27.07.2012 16:32:25 | Computer Name = Netbook | Source = RasClient | ID = 20227
Description = 
 
Error - 29.07.2012 11:06:26 | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
[ System Events ]
Error - 05.08.2012 05:04:31 | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst btwdins erreicht.
 
Error - 05.08.2012 05:09:11 | Computer Name = Netbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR2 gefunden.
 
Error - 05.08.2012 05:34:40 | Computer Name = Netbook | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 05.08.2012 08:30:54 | Computer Name = Netbook | Source = BROWSER | ID = 8032
Description = 
 
Error - 05.08.2012 17:00:01 | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 06.08.2012 02:32:42 | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 06.08.2012 08:16:11 | Computer Name = Netbook | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 06.08.2012 09:07:02 | Computer Name = Netbook | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 07.08.2012 08:37:32 | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 08.08.2012 05:41:16 | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
 
< End of report >
OTL 2. Logfile:
Code:
ATTFilter
OTL logfile created on: 27.08.2012 11:03:48 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\admin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,61% Memory free
3,98 Gb Paging File | 2,98 Gb Available in Paging File | 74,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 41,74 Gb Free Space | 41,74% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 117,66 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes,DefaultScope = {39741231-A5CD-48E0-B610-07D295192F42}
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes\{39741231-A5CD-48E0-B610-07D295192F42}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes\{3DB1B9CF-7B3C-4FA0-9CB1-9502A4A709B0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes\{6E44C581-1238-442C-9C6E-54E71E0EBE9D}: "URL" = hxxp://www.bookya.de/kaufen/?q={searchTerms}
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes\{B8A17DB1-37EC-4AED-BB37-26926A95F3E7}: "URL" = hxxp://rover.ebay.com/rover/1/707-53477-19255-0/1?icep_ff3=9&pub=5574640706&toolid=10001&campid=5336449492&customid=&icep_uq={searchTerms}&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229487&kwid=902099&mtid=824&kw=lg
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.04 16:41:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.startfenster.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.startfenster.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Google Mail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.08.04 19:40:58 | 000,001,385 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.uni-duesseldorf.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25FD6034-5CA1-47D7-BEA6-49513491210D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C57AA9BD-91DA-4257-AA70-0F69F47C5015}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{783920a5-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{783920a5-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{783920ab-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{783920ab-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{783920ae-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{783920ae-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{783920b6-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{783920b6-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{783920b9-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{783920b9-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{783920bd-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{783920bd-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{783920bf-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{783920bf-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030.01.01 16:27:24 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.08.27 11:00:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.08.27 09:14:56 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012.08.27 09:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.27 09:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.27 09:14:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.08.27 09:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.27 09:08:19 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\admin\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.27 08:34:58 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012.08.27 07:33:57 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012.08.27 07:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF8A0062C46902BFEFD2F875EF7E
[2012.08.27 07:24:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Pofef
[2012.08.27 07:24:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Dutuom
[2012.08.27 07:24:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Buqiow
[2012.08.16 07:12:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.08.16 07:12:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.08.16 07:12:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012.08.16 07:12:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.08.16 07:12:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012.08.16 07:12:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.08.16 07:11:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012.08.15 22:34:12 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2012.08.15 22:34:10 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.08.15 22:34:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[2012.08.08 20:33:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.08 14:37:31 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\eva u Richard
[2012.08.07 14:39:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.06 12:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.08.06 12:51:28 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.08.06 12:51:28 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.08.04 16:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.08.04 16:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.08.04 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\admin\Adobe Flash Builder 4.6
[2012.08.04 16:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.08.04 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.08.04 16:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2012.08.04 16:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.08.04 16:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012.08.04 16:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.04 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\WinRAR
[2012.08.04 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.04 15:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.04 15:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.08.04 14:57:49 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Adobe Creative Suite 6 (CS6) Freischaltung - BoerseBZ-Dateien
[2012.08.04 14:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.08.04 13:49:34 | 000,000,000 | ---D | C] -- C:\windows\System32\appmgmt
[2012.08.04 13:13:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.07.30 14:31:20 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2012.07.30 14:31:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll
[2012.07.30 14:31:09 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2012.07.29 22:28:36 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Macrovision
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.27 11:00:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.08.27 11:00:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.08.27 11:00:06 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 09:14:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.27 09:14:07 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\admin\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.27 08:34:58 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012.08.27 08:00:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3782814548-3956509960-1778464787-1005UA.job
[2012.08.27 07:55:54 | 000,009,712 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 07:55:54 | 000,009,712 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 07:51:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.27 07:50:05 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.27 07:48:49 | 003,700,272 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.08.27 07:48:35 | 000,000,496 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.08.27 07:27:37 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.08.27 07:27:36 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.08.26 18:06:37 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3782814548-3956509960-1778464787-1005Core.job
[2012.08.23 15:54:34 | 000,002,452 | ---- | M] () -- C:\Users\admin\Desktop\Google Chrome.lnk
[2012.08.17 12:55:44 | 000,024,701 | ---- | M] () -- C:\Users\admin\Desktop\Fenster.jpg
[2012.08.17 11:42:27 | 000,021,948 | ---- | M] () -- C:\Users\admin\Desktop\Fenster.gif
[2012.08.16 14:27:27 | 000,033,041 | ---- | M] () -- C:\Users\admin\Desktop\03c19899de0f22e10_510.jpg
[2012.08.08 12:23:19 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.06 11:40:59 | 000,659,448 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.08.06 11:40:59 | 000,620,594 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.08.06 11:40:59 | 000,132,728 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.08.06 11:40:59 | 000,108,518 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.08.04 23:10:00 | 000,001,456 | ---- | M] () -- C:\Users\admin\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.08.04 17:14:37 | 000,170,999 | ---- | M] () -- C:\Users\admin\Documents\Adobe freischaltung.odt
[2012.08.04 16:41:59 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.08.04 14:58:25 | 000,976,129 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Creative Suite 6 (CS6) Freischaltung - BoerseBZ.mht
[2012.08.04 14:57:50 | 000,521,245 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Creative Suite 6 (CS6) Freischaltung - BoerseBZ.htm
[2012.08.04 14:15:49 | 000,499,514 | ---- | M] () -- C:\Users\admin\Desktop\Windows 7 – Hosts-Datei bearbeiten » Jens Hellmeier - Blog  Web & IT - News.mht
[2012.07.29 18:37:55 | 280,113,509 | ---- | M] () -- C:\windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2030.01.01 16:27:24 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.08.27 09:14:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 12:55:40 | 000,024,701 | ---- | C] () -- C:\Users\admin\Desktop\Fenster.jpg
[2012.08.17 12:39:19 | 000,021,948 | ---- | C] () -- C:\Users\admin\Desktop\Fenster.gif
[2012.08.16 14:19:49 | 000,033,041 | ---- | C] () -- C:\Users\admin\Desktop\03c19899de0f22e10_510.jpg
[2012.08.08 12:23:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.08 12:23:19 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.04 23:10:00 | 000,001,456 | ---- | C] () -- C:\Users\admin\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.08.04 17:14:32 | 000,170,999 | ---- | C] () -- C:\Users\admin\Documents\Adobe freischaltung.odt
[2012.08.04 16:41:59 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.08.04 16:41:58 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.08.04 16:41:58 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.08.04 16:36:03 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.08.04 16:31:57 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.08.04 14:58:24 | 000,976,129 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Creative Suite 6 (CS6) Freischaltung - BoerseBZ.mht
[2012.08.04 14:57:46 | 000,521,245 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Creative Suite 6 (CS6) Freischaltung - BoerseBZ.htm
[2012.08.04 14:15:44 | 000,499,514 | ---- | C] () -- C:\Users\admin\Desktop\Windows 7 – Hosts-Datei bearbeiten » Jens Hellmeier - Blog  Web & IT - News.mht
[2012.07.29 18:37:55 | 280,113,509 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.01.18 22:22:22 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.13 20:34:12 | 000,000,180 | ---- | C] () -- C:\windows\hpbafd.ini
[2011.06.02 19:47:16 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011.05.31 15:46:39 | 000,015,873 | ---- | C] () -- C:\windows\System32\Inetde.dll
[2011.05.29 21:04:46 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011.05.24 11:27:49 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2011.05.24 11:23:39 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011.05.24 11:23:39 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010.11.09 02:28:18 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.11.09 02:28:17 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.11.09 02:24:39 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.11.09 02:23:59 | 000,000,702 | ---- | C] () -- C:\windows\Reboot.ini
[2010.11.09 02:19:46 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat

< End of report >

Alt 27.08.2012, 19:16   #2
t'john
/// Helfer-Team
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus




Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes,DefaultScope = {39741231-A5CD-48E0-B610-07D295192F42} 
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes\{39741231-A5CD-48E0-B610-07D295192F42}: "URL" = http://www.google.de/search?q={searchTerms}&rlz= 
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes\{3DB1B9CF-7B3C-4FA0-9CB1-9502A4A709B0}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} 
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes\{6E44C581-1238-442C-9C6E-54E71E0EBE9D}: "URL" = http://www.bookya.de/kaufen/?q={searchTerms} 
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\..\SearchScopes\{B8A17DB1-37EC-4AED-BB37-26926A95F3E7}: "URL" = http://rover.ebay.com/rover/1/707-53477-19255-0/1?icep_ff3=9&pub=5574640706&toolid=10001&campid=5336449492&customid=&icep_uq={searchTerms}&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229487&kwid=902099&mtid=824&kw=lg 
IE - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
 O4 - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) 
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{783920a5-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun 
O33 - MountPoints2\{783920a5-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe 
O33 - MountPoints2\{783920ab-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun 
O33 - MountPoints2\{783920ab-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe 
O33 - MountPoints2\{783920ae-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun 
O33 - MountPoints2\{783920ae-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe 
O33 - MountPoints2\{783920b6-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun 
O33 - MountPoints2\{783920b6-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe 
O33 - MountPoints2\{783920b9-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun 
O33 - MountPoints2\{783920b9-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe 
O33 - MountPoints2\{783920bd-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun 
O33 - MountPoints2\{783920bd-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe 
O33 - MountPoints2\{783920bf-a107-11e1-86ed-74f06dbf6fe2}\Shell - "" = AutoRun 
O33 - MountPoints2\{783920bf-a107-11e1-86ed-74f06dbf6fe2}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe 
[2012.08.27 07:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF8A0062C46902BFEFD2F875EF7E 

[2012.08.08 20:33:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 

[2012.08.27 08:00:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3782814548-3956509960-1778464787-1005UA.job 
[2012.08.27 07:51:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.27 07:50:05 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.27 07:48:49 | 003,700,272 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT 
[2012.08.26 18:06:37 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3782814548-3956509960-1778464787-1005Core.job 
[2030.01.01 16:27:24 | 000,000,000 | -HSD | C] -- C:\Boot 

:Files

C:\Users\admin\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\admin\AppData\Local\Temp\*.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________
Alt 29.08.2012, 13:32   #3
m00nwalker
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus


Hallo t'john,
vielen vielen vielen Dank für die schnelle Hilfe!
Hab Deine Anweisungen so ausgeführt, logfile siehe unten.Puh, bin erleichtert Scheint so als ob es jetzt alles ok sei, aber ist es das auch oder trügt der Schein? Nochmals vielen herzlichen Dank für den Support!

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Internet Explorer\SearchScopes\{39741231-A5CD-48E0-B610-07D295192F42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39741231-A5CD-48E0-B610-07D295192F42}\ not found.
Registry key HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Internet Explorer\SearchScopes\{3DB1B9CF-7B3C-4FA0-9CB1-9502A4A709B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DB1B9CF-7B3C-4FA0-9CB1-9502A4A709B0}\ not found.
Registry key HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6E44C581-1238-442C-9C6E-54E71E0EBE9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E44C581-1238-442C-9C6E-54E71E0EBE9D}\ not found.
Registry key HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Internet Explorer\SearchScopes\{B8A17DB1-37EC-4AED-BB37-26926A95F3E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8A17DB1-37EC-4AED-BB37-26926A95F3E7}\ not found.
HKU\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3782814548-3956509960-1778464787-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\Windows\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920a5-a107-11e1-86ed-74f06dbf6fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920a5-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920a5-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920a5-a107-11e1-86ed-74f06dbf6fe2}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920ab-a107-11e1-86ed-74f06dbf6fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920ab-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920ab-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920ab-a107-11e1-86ed-74f06dbf6fe2}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920ae-a107-11e1-86ed-74f06dbf6fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920ae-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920ae-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920ae-a107-11e1-86ed-74f06dbf6fe2}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920b6-a107-11e1-86ed-74f06dbf6fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920b6-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920b6-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920b6-a107-11e1-86ed-74f06dbf6fe2}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920b9-a107-11e1-86ed-74f06dbf6fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920b9-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920b9-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920b9-a107-11e1-86ed-74f06dbf6fe2}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920bd-a107-11e1-86ed-74f06dbf6fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920bd-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920bd-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920bd-a107-11e1-86ed-74f06dbf6fe2}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920bf-a107-11e1-86ed-74f06dbf6fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920bf-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783920bf-a107-11e1-86ed-74f06dbf6fe2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783920bf-a107-11e1-86ed-74f06dbf6fe2}\ not found.
File E:\StartVMCLite.exe not found.
Folder C:\ProgramData\036DFF8A0062C46902BFEFD2F875EF7E\ not found.
C:\Users\admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1\Local Store folder moved successfully.
C:\Users\admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782814548-3956509960-1778464787-1005UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\System32\FNTCACHE.DAT moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782814548-3956509960-1778464787-1005Core.job moved successfully.
Folder move failed. C:\Boot\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-HK scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\Boot\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\Boot\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\Boot\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\Boot\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\Boot\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\Boot\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\Boot\it-IT scheduled to be moved on reboot.
Folder move failed. C:\Boot\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\Boot\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\Boot\Fonts scheduled to be moved on reboot.
Folder move failed. C:\Boot\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\Boot\es-ES scheduled to be moved on reboot.
Folder move failed. C:\Boot\en-US scheduled to be moved on reboot.
Folder move failed. C:\Boot\el-GR scheduled to be moved on reboot.
Folder move failed. C:\Boot\de-DE scheduled to be moved on reboot.
Folder move failed. C:\Boot\da-DK scheduled to be moved on reboot.
Folder move failed. C:\Boot\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\Boot scheduled to be moved on reboot.
========== FILES ==========
C:\Users\admin\AppData\Local\{00816CAA-10AA-4E7B-9322-F50A269A1A82} folder moved successfully.
C:\Users\admin\AppData\Local\{03EBBA28-7496-4E79-B1E7-7BFCB6098300} folder moved successfully.
C:\Users\admin\AppData\Local\{0598D07B-A925-4814-8618-EA17F5ED6006} folder moved successfully.
C:\Users\admin\AppData\Local\{1C6A03B5-8E0C-4EF6-9761-EC8C01A9BE98} folder moved successfully.
C:\Users\admin\AppData\Local\{28CEDC7F-BAFE-4AD0-B371-EDB95F9617B5} folder moved successfully.
C:\Users\admin\AppData\Local\{296C2908-B5BF-4D95-92C3-FF8A1007D03E} folder moved successfully.
C:\Users\admin\AppData\Local\{2C855C46-4793-4C60-A2BC-196F9DA2A52D} folder moved successfully.
C:\Users\admin\AppData\Local\{6E044FA8-5598-4C40-B6D5-38E2481F40F1} folder moved successfully.
C:\Users\admin\AppData\Local\{8CB83BEA-5E5E-42C8-A86F-FD7FD06AAB9D} folder moved successfully.
C:\Users\admin\AppData\Local\{8FCF3327-72CC-40B7-BE25-9BB1D307CB91} folder moved successfully.
C:\Users\admin\AppData\Local\{944D9494-505C-45FE-94A2-62F09C2CAD25} folder moved successfully.
C:\Users\admin\AppData\Local\{A9A16E11-5C2B-47FF-82DA-39D25C20D377} folder moved successfully.
C:\Users\admin\AppData\Local\{CB291EF6-2D74-44E1-8DB9-7AA53D96FE2A} folder moved successfully.
C:\Users\admin\AppData\Local\{F7D363BE-DDB2-4EC3-84FA-931DFC9FD9F9} folder moved successfully.
C:\Users\admin\AppData\Local\{F92FDCF7-670B-4B08-9A36-F87F17CA0954} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\admin\AppData\Local\Temp\anajbio.exe moved successfully.
C:\Users\admin\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe moved successfully.
C:\Users\admin\AppData\Local\Temp\GoogleUpdateSetup.exe34d9802e moved successfully.
C:\Users\admin\AppData\Local\Temp\InstallFlashPlayer.exe moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\admin\Desktop\cmd.bat deleted successfully.
C:\Users\admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 20275603 bytes
->Temporary Internet Files folder emptied: 449958238 bytes
->Google Chrome cache emptied: 410379855 bytes
->Flash cache emptied: 633 bytes
 
User: All Users
 
User: Bira
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Flash cache emptied: 56818 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1092522263 bytes
RecycleBin emptied: 1183208826 bytes
 
Total Files Cleaned = 3.010,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 08272012_204716

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-HK scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\Boot\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\Boot\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\Boot\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\Boot\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\Boot\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\Boot\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\Boot\it-IT scheduled to be moved on reboot.
Folder move failed. C:\Boot\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\Boot\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\Boot\Fonts scheduled to be moved on reboot.
Folder move failed. C:\Boot\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\Boot\es-ES scheduled to be moved on reboot.
Folder move failed. C:\Boot\en-US scheduled to be moved on reboot.
Folder move failed. C:\Boot\el-GR scheduled to be moved on reboot.
Folder move failed. C:\Boot\de-DE scheduled to be moved on reboot.
Folder move failed. C:\Boot\da-DK scheduled to be moved on reboot.
Folder move failed. C:\Boot\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-HK scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\Boot\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\Boot\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\Boot\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\Boot\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\Boot\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\Boot\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\Boot\it-IT scheduled to be moved on reboot.
Folder move failed. C:\Boot\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\Boot\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\Boot\Fonts scheduled to be moved on reboot.
Folder move failed. C:\Boot\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\Boot\es-ES scheduled to be moved on reboot.
Folder move failed. C:\Boot\en-US scheduled to be moved on reboot.
Folder move failed. C:\Boot\el-GR scheduled to be moved on reboot.
Folder move failed. C:\Boot\de-DE scheduled to be moved on reboot.
Folder move failed. C:\Boot\da-DK scheduled to be moved on reboot.
Folder move failed. C:\Boot\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\Boot scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
__________________
Alt 29.08.2012, 18:36   #4
t'john
/// Helfer-Team
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus


Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.08.2012, 20:51   #5
m00nwalker
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus


Vielen Dank t'john für die abermals schnelle Antwort !
Der Rechner läuft wieder wie vorher, also gut, habe keine Veränderungen oder Folgeschäden bemerkt.
Der erneute Scan mit Malewarebytes hat erneut 2 infizierte Dateien gefunden, die allerdings beim ersten Mal glaube ich nicht dabei waren ("Trojan.reza" - beim ersten Scan nch deiner Anweisung vorgestern mal nicht gefunden)

Ausserdem fand er 2x Pup.Adware.InstalleCore, das war allerdings vorher schon da, hatte ich aber aus Unsicherheit nicht entfernt, da bei diesen Einträgen kein Häkchen voreingetrgen war), jetzt entfernt, siehe angehängtes Malewarebytes logfile.
Eieiei, da kommen ja doch noch unangenehme Dinge zum Vorschein...Das AdwCleaner Logfile ist ebenfalls angehängt. Ist jetzt alles wieder gut oder siehts böse aus? Für mich scheint der Rechner "gesund" zusein,beunruhigt mich nur das Malewarebytes das dann doch anders sah, aber vielleicht waren das ja auch Bedrohungen die schon länger da waren nur bis jetzt unerkannt blieben. Jetzt wo ich Durch Euch Malewarebytes kenne, werd ich das wohl öfter mal bemühen.


Falls es notwendig ist, meinen Rechner sicherheitsmäßig mehr auf Vordermann zu bringen, nehme ich Ratschläge gerne an (da ich keine Ahnung hab,bin ich sogar drauf angewiesen). Derzeit habe ich an Sicherheitsmechanismen nur das was Windows 7, avast, und Spybot zu bieten hat im Hintergrund laufen. Weiss allerdings nicht ob man sich von der Systemseite-abgesehen vom Surfverhalten, überhaupt zuverlässig gegen derartige Viren schützen kann.

Lieben Dank tjohn! und nun die logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
admin :: NETBOOK [Administrator]

Schutz: Aktiviert

30.08.2012 13:03:19
mbam-log-2012-08-30 (13-03-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 362942
Laufzeit: 1 Stunde(n), 59 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\admin\Downloads\DownloadAcceleratorSetup (1).exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\admin\Downloads\DownloadAcceleratorSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\08272012_204716\C_Users\admin\AppData\Local\Temp\anajbio.exe (Trojan.Reza) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08272012_204716\C_Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\69b7a1f8-7d60f6d6 (Trojan.Reza) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/30/2012 at 21:09:57
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : admin - NETBOOK
# Boot Mode : Normal
# Running from : C:\Users\admin\Desktop\Trojanerboard Progs\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [757 octets] - [30/08/2012 21:09:57]

########## EOF - C:\AdwCleaner[R1].txt - [884 octets] ##########


Alt 31.08.2012, 08:57   #6
t'john
/// Helfer-Team
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus


Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> Und das ausgerechnet jetzt: Live Security Platinum Virus

Alt 31.08.2012, 13:01   #7
m00nwalker
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus


Danke hab ich gemacht, Adwcleaner Logfile und Emisoft Anti.Maleware logfile anbei. Emisoft hat erneut 15 Bedrohungen/suspekte Objekte gefunden....

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 31.08.2012 10:55:15

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	31.08.2012 10:55:57

C:\_OTL\MovedFiles\08272012_204716\C_Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f286c2e-3ede2b92 -> a.class 	gefunden: Exploit.Java.CVE-2010!E2
C:\_OTL\MovedFiles\08272012_204716\C_Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f286c2e-3ede2b92 -> b.class 	gefunden: Exploit.Java.CVE-2010!E2
C:\_OTL\MovedFiles\08272012_204716\C_Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f286c2e-3ede2b92 -> Draw.class 	gefunden: Exploit.Java.CVE-2010!E2
C:\_OTL\MovedFiles\08272012_204716\C_Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f286c2e-3ede2b92 -> Field.class 	gefunden: Exploit.Java.CVE-2010!E2
C:\_OTL\MovedFiles\08272012_204716\C_Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f286c2e-3ede2b92 -> Photo.class 	gefunden: Exploit.Java.CVE!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[2].htm 	gefunden: Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[1].htm 	gefunden: Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[4].htm 	gefunden: Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[3].htm 	gefunden: Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[5].htm 	gefunden: Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[6].htm 	gefunden: Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE0XXK8Q\in[1].htm 	gefunden: Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE0XXK8Q\y3o5u46099[1].htm 	gefunden: HTML.Redirector!E2
C:\Users\admin\Downloads\ACS6Keygen.zip -> AdobeCS6Keygen\WIN Keygen\xf-mccs6.rar -> xf-mccs6.exe 	gefunden: not-a-virus:Keygen.SuspectCRC!E2
C:\Users\admin\Downloads\ACS6Keygen.zip -> AdobeCS6Keygen\WIN Keygen\xf-mccs6.rar 	gefunden: not-a-virus:Keygen.SuspectCRC!E2

Gescannt	619400
Gefunden	15

Scan Ende:	31.08.2012 13:39:31
Scan Zeit:	2:43:34

C:\Users\admin\Downloads\ACS6Keygen.zip -> AdobeCS6Keygen\WIN Keygen\xf-mccs6.rar -> xf-mccs6.exe	Quarantäne not-a-virus:Keygen.SuspectCRC!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE0XXK8Q\y3o5u46099[1].htm	Quarantäne HTML.Redirector!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[2].htm	Quarantäne Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[1].htm	Quarantäne Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[4].htm	Quarantäne Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[3].htm	Quarantäne Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[5].htm	Quarantäne Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXY39EV\in[6].htm	Quarantäne Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE0XXK8Q\in[1].htm	Quarantäne Trojan.IframeRef!E2
C:\_OTL\MovedFiles\08272012_204716\C_Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2f286c2e-3ede2b92 -> Photo.class	Quarantäne Exploit.Java.CVE!E2

Quarantäne	10
Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/30/2012 at 22:57:18
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : admin - NETBOOK
# Boot Mode : Normal
# Running from : C:\Users\admin\Desktop\Trojanerboard Progs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [884 octets] - [30/08/2012 21:09:57]
AdwCleaner[S1].txt - [818 octets] - [30/08/2012 22:57:18]

########## EOF - C:\AdwCleaner[S1].txt - [945 octets] ##########

Alt 31.08.2012, 19:50   #8
t'john
/// Helfer-Team
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus


Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.10.2012, 01:17   #9
t'john
/// Helfer-Team
 
Und das ausgerechnet jetzt: Live Security Platinum Virus - Standard

Und das ausgerechnet jetzt: Live Security Platinum Virus


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Und das ausgerechnet jetzt: Live Security Platinum Virus
32 bit, bho, bingbar, desktop, dringend, entfernen, error, failed, fehler, firefox, flash player, geld, google, homepage, hosts-datei, hängen, iexplore.exe, index, install.exe, installation, live platinum virus, logfile, microsoft office starter 2010, plug-in, realtek, recycle.bin, registry, scan, security, server, software, super, trojan.modifiedupx, trojan.phex.thagen, virus, vodafone, warnung


« Bundeskriminalamt Trojan.Zbot | Polizei-Ukash Trojaner »


Ähnliche Themen: Und das ausgerechnet jetzt: Live Security Platinum Virus


  1. Virenbefall: Live Security Platinum Virus
    Log-Analyse und Auswertung - 15.11.2012 (32)
  2. Live Security Platinum Virus bin schon im Abgesichertem Modus und 1. Log erstellt - wie weiter?
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (3)
  3. Virus Live Security Platinum auf meinem Laptop
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (2)
  4. Live Security Platinum Virus
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (15)
  5. Live Security Platinum Virus immer noch da
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (3)
  6. Virus: Live Security Platinum - Der nächste Fall
    Log-Analyse und Auswertung - 06.09.2012 (3)
  7. Live Security Platinum Virus - wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (35)
  8. (2x) Live Security Platinum Virus
    Mülltonne - 17.08.2012 (1)
  9. Live Security Platinum Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (28)
  10. Live Security Platinum Virus / Sicherung von Daten auf USB-Stick möglich?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  11. Live Security Platinum Virus - Probleme bei den ersten Schritten
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (1)
  12. Live Security Platinum Virus
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (3)
  13. Live Security Platinum - Virus eingefangen
    Log-Analyse und Auswertung - 01.08.2012 (5)
  14. Live Security Platinum-Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (6)
  15. Live Security Platinum Virus
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (22)
  16. Erst Live Security Platinum und jetzt Rootkit.0Access
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (5)
  17. PC wiederholt verseucht mit "Live Security Platinum", jetzt wieder sauber?
    Log-Analyse und Auswertung - 21.06.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Und das ausgerechnet jetzt: Live Security Platinum Virus - Liebe Profis, zunächst einmal vielen vielen Dank für die Möglichkeit hilfe über Euch zu bekommen, gerade im Moment ist das kaum mit Geld zu bezahlen...! Seit heute morgen hab ich - Und das ausgerechnet jetzt: Live Security Platinum Virus...
Archiv
Du betrachtest: Und das ausgerechnet jetzt: Live Security Platinum Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131