
Pests of all kinds and how to remove them: Ukash Bundespolizei infection - logs attached


24.11.2012, 21:42   #1
t'john
/// Helper Team
 




Good, start the computer normally.

System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if it is not already there). Double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.
__________________
Regards, t'john

25.11.2012, 02:32   #2
zellerli
 




This is what came out:
OTL Logfile:
Code:
OTL logfile created on: 25.11.2012 02:13:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,31% Memory free
15,99 Gb Paging File | 14,30 Gb Available in Paging File | 89,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 136,33 Gb Free Space | 14,79% Space Free | Partition Type: NTFS
 
Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zellerli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe (Razer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (MySQL) -- C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 81 8B 16 AC 86 CD 01  [binary data]
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{606ADCDA-32A4-4BC9-AB42-CEA943C2C9F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3993BC9E-58B3-43CA-8C8E-ED25C2215BBF&apn_sauid=9BF59E63-0C7C-41C0-8F22-F2870D58D302
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.19 10:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 17:46:48 | 000,000,000 | ---D | M]
 
[2012.11.19 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zellerli\AppData\Roaming\mozilla\Extensions
[2012.11.19 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000..\Run: [Spotify Web Helper] C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51035B1-B4D9-4B2B-A388-C30EB39FD8AC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell - "" = AutoRun
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.24 00:20:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.23 23:58:18 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Malwarebytes
[2012.11.23 23:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.23 23:57:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.23 23:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.23 23:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.23 11:12:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.19 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Mozilla
[2012.11.16 03:38:05 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.16 03:38:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.16 03:33:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.16 03:30:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 03:30:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 03:30:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 03:30:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 03:30:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 03:30:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 03:30:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 03:30:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 03:30:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 03:30:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 03:30:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 03:30:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 03:30:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 03:30:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 03:30:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 03:27:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.16 03:27:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.16 03:27:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 03:27:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 09:19:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.15 09:19:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012.11.15 09:19:42 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012.11.15 09:19:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012.11.15 09:19:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012.11.15 09:19:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012.11.15 09:19:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012.11.15 09:19:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012.11.15 09:19:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012.11.15 09:19:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012.11.15 09:19:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012.11.15 09:19:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012.11.15 09:19:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012.11.15 09:19:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.15 09:19:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.15 09:19:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.15 09:19:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.15 09:19:24 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 09:19:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.10.27 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\xm1
[2012.10.27 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.10.27 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin86Sr0SetupFiles
[2012.10.27 19:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.10.27 17:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.06.04 10:31:59 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Zellerli\InstallWoW.exe
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.25 02:18:19 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.25 02:17:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 02:17:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 02:13:08 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 02:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.25 02:09:30 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 10:56:40 | 000,543,531 | ---- | M] () -- C:\Users\Zellerli\Desktop\adwcleaner.exe
[2012.11.23 10:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.20 02:39:46 | 001,796,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 02:39:46 | 000,770,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 02:39:46 | 000,712,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 02:39:46 | 000,173,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 02:39:46 | 000,141,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 10:46:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | M] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 10:04:23 | 000,605,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.27 19:04:25 | 000,000,999 | ---- | M] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.24 10:19:29 | 000,543,531 | ---- | C] () -- C:\Users\Zellerli\Desktop\adwcleaner.exe
[2012.11.19 10:46:41 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.19 10:46:41 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | C] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 03:38:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 03:27:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.27 19:04:25 | 000,000,999 | ---- | C] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[2012.05.12 16:30:50 | 000,001,984 | ---- | C] () -- C:\Users\Zellerli\.recently-used.xbel
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.03 16:03:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.03.07 23:51:00 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16_zurCore.rar
[2011.03.07 23:50:41 | 000,176,962 | ---- | C] () -- C:\Users\Zellerli\Ravenshield_core_160.rar
[2011.03.07 23:49:57 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16.rar
[2011.03.07 23:45:24 | 000,640,707 | ---- | C] () -- C:\Users\Zellerli\jmt-MiniRS3.rar
[2011.03.07 23:44:16 | 000,454,809 | ---- | C] () -- C:\Users\Zellerli\RS-mi_SuperK.rar
[2010.12.06 00:22:02 | 000,007,608 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\Resmon.ResmonCfg
[2010.10.18 14:15:29 | 000,000,035 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Opusbext.dat
[2010.10.06 23:52:54 | 003,121,971 | ---- | C] () -- C:\Users\Zellerli\17_gesamt_003_087_klein.pdf
[2010.07.24 16:14:08 | 000,001,155 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\SAS7_000.DAT
[2010.05.13 18:28:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.26 21:41:51 | 001,024,270 | ---- | C] () -- C:\Users\Zellerli\strahlungsfelder_11.pdf
[2010.04.19 19:18:55 | 002,699,555 | ---- | C] () -- C:\Users\Zellerli\theo-vorbereitung.zip
[2010.04.15 23:12:24 | 203,279,596 | ---- | C] () -- C:\Users\Zellerli\Queen.rar
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.03.11 21:42:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\.minecraft
[2011.04.25 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ahnenblatt
[2012.10.20 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Audacity
[2012.07.21 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\calibre
[2010.11.06 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DAEMON Tools Lite
[2010.05.19 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DeepBurner
[2012.10.24 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Dropbox
[2011.04.28 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\FileZilla
[2011.01.14 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Foxit Software
[2012.05.12 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\gtk-2.0
[2012.02.27 00:05:27 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\inkscape
[2012.03.21 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Itwye
[2011.03.22 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\JonDo
[2011.05.21 23:08:48 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Leadertech
[2010.09.01 21:23:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient
[2012.06.17 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient2
[2011.08.17 23:27:22 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Mael
[2010.10.02 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Miranda
[2011.11.12 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Red Alert 3
[2011.12.10 11:43:43 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\SmartTools
[2012.09.15 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Spotify
[2012.11.22 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StarOffice8
[2011.03.07 23:39:00 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StatSoft
[2010.12.22 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Stellarium
[2011.07.26 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Texas Instruments
[2011.07.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\TI-Nspire
[2012.01.23 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ubisoft
[2011.09.29 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\uTorrent
[2011.08.29 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\wargaming.net
[2012.10.27 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 

< End of report >