Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Polizei-Trojaner-Österreich-Virus

Polizei-Trojaner-Österreich-Virus


Log-Analyse und Auswertung: Polizei-Trojaner-Österreich-Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 22.10.2012, 18:17   #1
Philipp11111
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Hallo,
Ich habe folgendes Problem:
Ich habe mir gestern den Polizei Virus/Trojaner eingefangen...
Da ich meinen PC nicht neu aufsetzten kann bzw will muss ich jetzt alles so bereinigen...
folgendes habe ich schon gemacht und es scheint so als ob alles wieder OK ist, kann das sein??
also:
1.) um wieder zugriff zu bekommen habe ich im abgesicherten Modus eine Systemwiederherstellung vom Freitag gemacht.
2.) nun hatte ich weider zugriff abr mir war klar, dass das Problem nciht gelöst ist, also habe ich mal meinen PC mit Norton gescannt---nichts gefunden.
3.) ich habe mir Malewarebyte heruntergeladen und gescannt--- 6 Files gefunden
4.) die habe ich dann auch gelöscht.
5.) danach noch ein scan--- 1 gefunden und gelöscht
6.) danach noch ein scan---- 0 gefunden
7.) dannach mit CCleaner alles gesäubert
8.) nochmals mit malewarebyte gescannt---0 Funde

Kann ich davon ausgehen dass mein PC wieder "clean" ist?

Danke für eure Info!

LG

Alt 23.10.2012, 07:58   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Hi,

Nee kannst Du nicht.


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 23.10.2012, 11:22   #3
Philipp11111
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Hallo Schrauber,

Ich bekomme nur ein OLT.Txt
Woher bekomme ich das EXTRA.TEXT?

Danke
LG
__________________
Geändert von Philipp11111 (23.10.2012 um 11:30 Uhr)

Alt 23.10.2012, 11:36   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Poste erstmal die OTL.txt
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.10.2012, 12:02   #5
Philipp11111
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


OLT:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.10.2012 12:44:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: XXXXX | Language: DEA | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 48,50% Memory free
7,60 Gb Paging File | 5,58 Gb Available in Paging File | 73,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,42 Gb Total Space | 347,78 Gb Free Space | 77,04% Space Free | Partition Type: NTFS
Drive D: | 14,04 Gb Total Space | 2,01 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 89,01 Mb Free Space | 89,88% Space Free | Partition Type: FAT32
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.22 08:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.05.31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.07 12:47:46 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\pdf24\pdf24.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.03.18 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.25 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009.10.13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011.02.15 03:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.02.22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.02.22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.02.22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.03.03 09:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.08 22:12:00 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.08 11:35:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 11:16:09 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.04.05 12:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.03.18 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.18 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.10 06:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 15:58:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.06.18 09:58:58 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.05.03 15:42:40 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.04.21 03:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.30 18:19:32 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.21 05:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010.07.03 03:29:48 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.12 21:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.09 19:04:48 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.03 09:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.03.03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.03.03 08:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.02.22 10:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010.02.11 01:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.28 19:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.10.22 01:55:49 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121022.032\ex64.sys -- (NAVEX15)
DRV - [2012.10.22 01:55:49 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121022.032\eng64.sys -- (NAVENG)
DRV - [2012.10.19 15:31:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121020.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012.09.01 00:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.08.09 07:17:04 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.09 07:17:04 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.09.23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKLM\..\SearchScopes,DefaultScope = {22625E1E-0033-45A4-B016-F194D9C94D92}
IE - HKLM\..\SearchScopes\{22625E1E-0033-45A4-B016-F194D9C94D92}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Austrian Aviation Net: Home
IE - HKCU\..\SearchScopes,DefaultScope = {22625E1E-0033-45A4-B016-F194D9C94D92}
IE - HKCU\..\SearchScopes\{22625E1E-0033-45A4-B016-F194D9C94D92}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.10.22 01:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2012.10.23 11:54:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.27 18:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.27 18:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 01:42:01 | 000,000,000 | ---D | M]
 
[2012.02.01 11:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2011.11.29 22:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\cmuksrpn.default\extensions
[2011.08.30 20:23:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\cmuksrpn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.02 13:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\tftgufyl.default\extensions
[2012.10.21 22:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 11:35:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.19 12:42:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 11:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.19 12:42:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.19 12:42:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.19 12:42:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.19 12:42:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 140.78.2.62 140.78.3.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C135595A-72EE-4199-9846-54E812AFD717}: DhcpNameServer = 140.78.2.62 140.78.3.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ab366bb-4be3-11e1-8c1c-9a93759d0506}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab366bb-4be3-11e1-8c1c-9a93759d0506}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{51ed533e-ac26-11e1-b234-002682b01834}\Shell - "" = AutoRun
O33 - MountPoints2\{51ed533e-ac26-11e1-b234-002682b01834}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{c910a591-4be9-11e1-bcf8-002682b01834}\Shell - "" = AutoRun
O33 - MountPoints2\{c910a591-4be9-11e1-bcf8-002682b01834}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cb8f7b98-d278-11e1-99e8-bad987d704c6}\Shell - "" = AutoRun
O33 - MountPoints2\{cb8f7b98-d278-11e1-99e8-bad987d704c6}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{ce999591-4b1d-11e1-9aa7-002682b01834}\Shell - "" = AutoRun
O33 - MountPoints2\{ce999591-4b1d-11e1-9aa7-002682b01834}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ce99959c-4b1d-11e1-9aa7-002682b01834}\Shell - "" = AutoRun
O33 - MountPoints2\{ce99959c-4b1d-11e1-9aa7-002682b01834}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ec55ec98-56e3-11e1-93eb-b0e0b3edb724}\Shell - "" = AutoRun
O33 - MountPoints2\{ec55ec98-56e3-11e1-93eb-b0e0b3edb724}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{f80db2b5-4b22-11e1-9fbf-002682b01834}\Shell - "" = AutoRun
O33 - MountPoints2\{f80db2b5-4b22-11e1-9fbf-002682b01834}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f80db2d6-4b22-11e1-9fbf-002682b01834}\Shell - "" = AutoRun
O33 - MountPoints2\{f80db2d6-4b22-11e1-9fbf-002682b01834}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 11:57:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2012.10.22 16:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.22 08:22:51 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Philipp\Desktop\ccsetup323.exe
[2012.10.22 08:11:29 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2012.10.22 08:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.22 08:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.22 08:10:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.22 08:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.21 11:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Saitek
[2012.10.13 14:01:44 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{A03593D2-FB13-4F88-A8BF-FC11C6371A7F}
[2012.10.12 14:21:44 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{3EED4529-4614-4DD9-860F-32691587CCE9}
[2012.10.10 19:18:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{53122CE7-4830-4837-B6B3-9C5DED5FD83C}
[2012.10.07 23:48:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mathematica
[2012.10.07 23:48:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Mathematica
[2012.10.07 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wolfram Research
[2012.10.07 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wolfram Research
[2012.10.07 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2012.10.07 23:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mathematica
[2012.10.07 23:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
[2012.10.07 23:39:22 | 000,334,352 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mltcpip32.mlp
[2012.10.07 23:39:22 | 000,163,344 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlmodule32.dll
[2012.10.07 23:39:22 | 000,093,712 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mltcp32.mlp
[2012.10.07 23:39:22 | 000,088,080 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlshm32.mlp
[2012.10.07 23:39:22 | 000,079,376 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlmap32.mlp
[2012.10.07 23:39:21 | 000,370,704 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i3.dll
[2012.10.07 23:39:21 | 000,260,112 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i2.dll
[2012.10.07 23:39:20 | 000,253,968 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i1.dll
[2012.10.07 23:39:19 | 000,453,648 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mltcpip64.mlp
[2012.10.07 23:39:19 | 000,436,752 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\ml64i3.dll
[2012.10.07 23:39:19 | 000,302,608 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\ml64i2.dll
[2012.10.07 23:39:19 | 000,193,040 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mlmodule64.dll
[2012.10.07 23:39:19 | 000,103,440 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mltcp64.mlp
[2012.10.07 23:39:19 | 000,099,344 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mlshm64.mlp
[2012.10.07 23:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfram Research
[2012.10.07 20:02:59 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{7F493454-1ECC-4700-A279-1E64D95926DB}
[2012.10.06 10:58:56 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{C63D7815-40CD-4013-A492-76B18EBE6704}
[2012.10.04 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{6F8124AE-0902-4DAE-90FA-2B57C774495D}
[2012.10.01 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{F9623AA6-B19E-4F36-917C-CCFA8D16852F}
[2012.09.30 20:32:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{E22A23B7-62F0-4360-83E2-86D92D6BED74}
[2012.09.27 09:51:56 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0
[2012.09.27 09:38:13 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\geany
[2012.09.27 09:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geany
[2012.09.27 09:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geany
[2012.09.26 20:36:23 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{F589E341-D4DE-4911-A7C8-FEE9630EC541}
[2012.09.25 19:42:47 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{2524A2CF-1B26-48A1-89C0-119CE3A28FB7}
[2012.09.24 16:41:42 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{9AD2FF3A-E1BD-4B4C-8BDD-ADB3F4282ECF}
[2012.09.24 13:54:56 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\UNI
[2012.09.23 19:39:50 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{F3A54382-6D38-46D2-92B1-E6769847B3F1}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 12:11:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 12:02:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 12:02:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 11:59:56 | 000,007,334 | ---- | M] () -- C:\Users\Philipp\Desktop\OpenDocument Text (neu).odt
[2012.10.23 11:54:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 11:53:58 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.22 18:16:14 | 000,443,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.22 08:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2012.10.22 08:22:45 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Philipp\Desktop\ccsetup323.exe
[2012.10.22 08:10:54 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.22 02:35:31 | 000,002,832 | ---- | M] () -- C:\{5B917FAB-E63E-4D21-8E2B-BF10FBCD4952}
[2012.10.21 14:44:00 | 000,018,030 | ---- | M] () -- C:\Users\Philipp\.recently-used.xbel
[2012.10.12 22:22:30 | 001,796,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.12 22:22:30 | 000,762,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.12 22:22:30 | 000,717,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.12 22:22:30 | 000,172,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.12 22:22:30 | 000,145,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.11 07:33:10 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPhilipp.job
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.23 11:59:55 | 000,007,334 | ---- | C] () -- C:\Users\Philipp\Desktop\OpenDocument Text (neu).odt
[2012.10.22 18:16:00 | 000,443,704 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.22 08:10:54 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.22 02:35:28 | 000,002,832 | ---- | C] () -- C:\{5B917FAB-E63E-4D21-8E2B-BF10FBCD4952}
[2012.10.21 14:44:00 | 000,018,030 | ---- | C] () -- C:\Users\Philipp\.recently-used.xbel
[2012.09.03 10:43:32 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2012.07.14 00:51:38 | 000,000,040 | ---- | C] () -- C:\ProgramData\detagcdltdfyccq
[2012.06.25 21:02:14 | 000,004,096 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\keyfile3.drm
[2012.06.03 22:28:54 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.06.03 22:28:54 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2012.06.03 22:28:54 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2012.06.03 22:15:13 | 000,017,408 | ---- | C] () -- C:\Users\Philipp\AppData\Local\WebpageIcons.db
[2012.02.14 12:53:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.14 11:16:40 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.02.01 11:59:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.15 23:03:45 | 000,001,940 | ---- | C] () -- C:\Users\Philipp\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.01.19 17:43:29 | 000,001,854 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\GhostObjGAFix.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.04 14:44:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Autodesk
[2011.11.29 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canon
[2012.06.03 22:29:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\concept design
[2012.10.22 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2012.10.23 12:34:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[2012.01.19 21:20:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
[2011.08.30 20:23:24 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.03 09:42:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Festo
[2012.09.03 10:39:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreePDF
[2012.09.27 10:06:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\geany
[2012.10.22 01:42:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0
[2012.01.30 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Notepad++
[2010.10.18 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2012.01.16 22:47:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PDF reDirect
[2011.11.29 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PhotoFiltre
[2011.03.30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SkyTestAB1
[2012.10.22 01:42:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SkyTestBU1
[2012.10.22 01:42:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SkyTestSw30
[2010.10.18 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2012.02.24 10:51:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer
[2011.05.17 23:47:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Tific
[2010.10.17 13:46:06 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2012.01.31 11:20:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Unigraphics Solutions
[2012.04.04 17:46:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WildTangent
[2010.10.17 13:36:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.10.14 20:21:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.15 00:45:33 | 000,000,000 | ---D | M] -- C:\99f00fa79723f9700700
[2010.05.17 07:36:41 | 000,000,000 | -HSD | M] -- C:\boot
[2011.05.24 22:03:40 | 000,000,000 | ---D | M] -- C:\Cambridge
[2011.05.24 21:47:27 | 000,000,000 | ---D | M] -- C:\Clarity
[2012.10.12 00:10:15 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.14 19:30:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.07.03 03:47:48 | 000,000,000 | -H-D | M] -- C:\HP
[2010.07.03 03:58:35 | 000,000,000 | ---D | M] -- C:\Intel
[2012.02.14 12:49:39 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.22 16:54:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.22 09:14:38 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.22 08:10:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.10.14 19:30:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.14 19:30:33 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.31 22:16:57 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.10.23 12:03:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.14 19:30:37 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2012.03.13 20:09:26 | 000,000,000 | ---D | M] -- C:\TEMP_P8_BS-1
[2010.10.14 19:30:06 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.22 18:20:33 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012.10.22 16:56:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Local\CrashDumps
[2012.10.22 01:41:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Local\Microsoft
[2012.10.23 12:44:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Local\Temp

< End of report >
--- --- ---
Alt 23.10.2012, 14:13   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Schaut nicht schlecht aus. Was sind die Laufwerke G,H und I?



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> Polizei-Trojaner-Österreich-Virus

Alt 24.10.2012, 07:53   #7
Philipp11111
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Guten Morgen,

habe jetzt über die nacht dan scan durchgeführt und 1 infizierte Datei gefunden:

hier die Text:
C:\Users\Philipp\Downloads\your_file_downloader.exe Win32/Adware.MediaFinder application

Laufwerk I ist der Internetstick, G ung H scheint nicht auf...

LG

Alt 24.10.2012, 08:32   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Die eine Datei kannste löschen. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.10.2012, 09:19   #9
Philipp11111
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Ok!
Also sonst läuft alles gut, ist somit wieder alles ok?

Danke nochmal für die rasche Hilfe ;-)

LG
Philipp

Alt 24.10.2012, 09:29   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


OTL starten, Button Bereinigung drücken, fertig
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.10.2012, 15:44   #11
Philipp11111
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Sensationell!
Super danke!

LG

Alt 25.10.2012, 15:48   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Polizei-Trojaner-Österreich-Virus - Standard

Polizei-Trojaner-Österreich-Virus


Nix zu danken
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Polizei-Trojaner-Österreich-Virus
abgesicherte, abgesicherten, abgesicherten modus, aufsetzten, bereinige, ccleaner, files, folge, folgendes, freitag, gefunde, gelöst, gestern, gesäubert, modus, nciht, neu, neu aufsetzten, nochmals, norton, polizei, polizei trojaner österreich, problem, schei, systemwiederherstellung, zugriff


« GVU-Virus mit Webcam/Win7/Laie | Brief von Telekom / "Sicherheitswarnung zu Ihrem Internetzugang" / "TR/Crypt.ULPM.Gen" »


Ähnliche Themen: Polizei-Trojaner-Österreich-Virus


  1. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (2)
  2. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (24)
  3. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (4)
  4. Polizei Virus Österreich vom 23.10.12
    Log-Analyse und Auswertung - 25.10.2012 (1)
  5. Polizei Virus Österreich
    Log-Analyse und Auswertung - 13.10.2012 (2)
  6. Österreich Polizei Virus
    Log-Analyse und Auswertung - 05.10.2012 (4)
  7. polizei virus österreich
    Log-Analyse und Auswertung - 22.09.2012 (1)
  8. Polizei Virus Österreich
    Log-Analyse und Auswertung - 14.09.2012 (13)
  9. Polizei Virus Österreich
    Log-Analyse und Auswertung - 07.09.2012 (22)
  10. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (3)
  11. Polizei Virus - 100 EUR Österreich
    Log-Analyse und Auswertung - 25.08.2012 (5)
  12. Polizei Virus Österreich
    Log-Analyse und Auswertung - 19.08.2012 (4)
  13. Polizei Virus Österreich
    Log-Analyse und Auswertung - 14.08.2012 (13)
  14. Polizei-Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (26)
  15. Polizei 5.2 Virus Österreich
    Log-Analyse und Auswertung - 26.07.2012 (2)
  16. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (3)
  17. Polizei Österreich Virus
    Log-Analyse und Auswertung - 04.07.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizei-Trojaner-Österreich-Virus - Hallo, Ich habe folgendes Problem: Ich habe mir gestern den Polizei Virus/Trojaner eingefangen... Da ich meinen PC nicht neu aufsetzten kann bzw will muss ich jetzt alles so bereinigen... folgendes - Polizei-Trojaner-Österreich-Virus...
Archiv
Du betrachtest: Polizei-Trojaner-Österreich-Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131