Cybercrime investigation department MALWARE

Tulbi · 19.07.2012, 23:29

Zitat:

All processes killed
========== OTL ==========
No active process named PCCompanionInfo.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: calendar-timezones@mozilla.org:0.1.2008d removed from extensions.enabledItems
Prefs.js: default-palette@celtx.com:1.0 removed from extensions.enabledItems
Prefs.js: emoticons-msn-smileys@m513901.de:0.1 removed from extensions.enabledItems
Prefs.js: inspector@mozilla.org:2.0.0 removed from extensions.enabledItems
Prefs.js: messagestyle-blackened@addons.instantbird.org:0.9 removed from extensions.enabledItems
Prefs.js: messagestyle-depth@addons.instantbird.org:1.1 removed from extensions.enabledItems
Prefs.js: messagestyle-minimal20@addons.instantbird.org:1.5 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\go_0molg.pad moved successfully.
File C:\Users\***.***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File C:\ProgramData\go_0molg.pad not found.
File C:\Users\***.***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\******\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ******
->Temp folder emptied: 303988476 bytes
->Temporary Internet Files folder emptied: 14843835 bytes
->Java cache emptied: 3330090 bytes
->FireFox cache emptied: 73629838 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 451452 bytes

User: ***Hõberli

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 298279220 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66818 bytes
RecycleBin emptied: 6112653887 bytes

Total Files Cleaned = 6.492,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gast
->Flash cache emptied: 0 bytes

User: Public

User: ******
->Flash cache emptied: 0 bytes

User: ***Hõberli

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07202012_002123

Files\Folders moved on Reboot...
C:\Users\******\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\******\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Habe alles wie beschrieben gemacht...
Bei Avira habe ich einfach den Echtzeitscanner ausgeschaltet, hat das genügt?

Danke vielmals für deine Hilfe!!!

Cybercrime investigation department MALWARE

Plagegeister aller Art und deren Bekämpfung: Cybercrime investigation department MALWARE

Cybercrime investigation department MALWARE

Ähnliche Themen: Cybercrime investigation department MALWARE