
Log Analysis and Evaluation: Cyber Criminal Investigation Department Virus/Trojan

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
01.08.2012, 22:37   #1
ServerCrash

Cyber Criminal Investigation Department Virus/Trojan



I have a Trojan on my PC, a "police" virus; it says I have to pay 100€.

I KNOW that it is a virus/Trojan, but I haven't found anything else on the Internet and hope you can help me.

I have already downloaded that OTLPE thing and ImgBurn as well, and I have already burned it to CD.

OTLPE is in English on my machine (just so you know) and when I click "Run Scan" I only get OTL.txt at the end, but no Extras.txt (I know by now that that should be produced too^^)

OTL.txt (OTL logfile):
Code:
OTL logfile created on: 01.08.2012 23:29:21 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = E:\Programs\OTLPE
  (Version = .) - Type = 
Internet Explorer (Version = )
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 195,31 Gb Total Space | 14,98 Gb Free Space | 7,67% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 18,29 Gb Free Space | 23,41% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PX1-L | User Name: Momo
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) --  File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- D:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (SkypeUpdate) -- D:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WatAdminSvc) -- D:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TunngleService) -- D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AMD External Events Utility) -- D:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (HauppaugeTVServer) -- D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (WSWNDA3100) -- D:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (McComponentHostService) -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva397) --  File not found
DRV - (XDva393) --  File not found
DRV - (PsSdk41) -- D:\Windows\System32\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV - (dtsoftbus01) -- D:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SCDEmu) -- D:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (amdkmdag) -- D:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- D:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AODDriver4.01) -- D:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (AtiHDAudioService) -- D:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (BCMH43XX) -- D:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (hcwD1encoder) -- D:\Windows\System32\drivers\hcwD1xcd.sys (ViXS Systems Inc.)
DRV - (hcwD1capture) -- D:\Windows\System32\drivers\hcwD1cap.sys (Hauppauge Computer Works, Inc.)
DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- D:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- D:\Windows\system32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- D:\Windows\system32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (amdiox86) -- D:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (RTL8187B) -- D:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- D:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (msloop) -- D:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (MRV6X32P) -- D:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc)
DRV - (SCMNdisP) -- D:\Windows\System32\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Afc) -- D:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTsensor) -- D:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 BA 73 A0 1E 70 CD 01  [binary data]
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.10 16:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.07.18 20:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.03.19 00:51:01 | 000,000,000 | ---D | M]
 
[2012.03.14 20:32:52 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Momo\AppData\Roaming\mozilla\Extensions
[2012.05.04 19:00:21 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Momo\AppData\Roaming\mozilla\Firefox\Profiles\k47lth6o.default\extensions
[2012.04.27 19:10:11 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012.07.18 20:50:55 | 000,136,672 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 00:50:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.21 23:16:12 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.02 21:37:07 | 000,002,356 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.21 23:16:12 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 23:16:12 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 23:16:12 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 23:16:12 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 23:16:12 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - D:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Codecv Class) - {38081DC2-75B3-44E8-869C-2717E0B55605} - D:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (Bcool Class) - {607E944A-37F4-423B-ADBD-06359F098D07} - D:\ProgramData\Bcool\bhoclass.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - D:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Chew7Hale] D:\Windows\System32\hale.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Windows Audio Device Graph Isolation] D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O4 - HKLM..\Run: [Windows-Audio Driver] D:\ProgramData\wscntfy.exe (Test3)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Adobe(R) Updater] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Cracked Steam Service]  File not found
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Java(TM)Runtime] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows Audio Device Graph Isolation] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows-Audio Driver] D:\Users\Momo\AppData\Local\wscntfy.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = D:\Program Files\Common Files\lsmass.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Search the Web - D:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.25 22:04:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dfddf10-6a31-11e1-8cbd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1dfddf10-6a31-11e1-8cbd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 23:21:22 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\uTorrent
[2012.08.01 22:07:17 | 000,000,000 | ---D | C] -- D:\OTLPE
[2012.08.01 21:49:36 | 000,000,000 | ---D | C] -- D:\_OTL
[2012.08.01 21:27:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet - Kopie.exe
[2012.08.01 20:36:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet.exe
[2012.08.01 20:31:59 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\Runscanner.net
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\LSoft Technologies
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\InstallShield Installation Information
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012.08.01 18:01:25 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\dclogs
[2012.07.27 21:49:00 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipBuster
[2012.07.27 21:48:59 | 000,000,000 | ---D | C] -- D:\Program Files\VoipBuster.com
[2012.07.22 21:28:33 | 000,000,000 | ---D | C] -- D:\Program Files\LOLReplay
[2012.07.18 23:50:35 | 000,036,928 | ---- | C] (microOLAP Technologies LTD) -- D:\Windows\System32\drivers\pssdk41.sys
[2012.07.18 23:49:40 | 000,000,000 | ---D | C] -- D:\Program Files\XLink Kai
[2012.07.18 23:48:19 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- D:\Windows\System32\_packet.dlluninstall
[2012.07.14 00:47:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2012.07.14 00:47:25 | 001,800,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012.07.14 00:47:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012.07.14 00:47:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012.07.14 00:47:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012.07.14 00:47:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2012.07.14 00:47:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012.07.14 00:47:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012.07.14 00:43:52 | 002,345,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[2012.07.14 00:42:58 | 000,219,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ncrypt.dll
[2012.07.14 00:42:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msxml3r.dll
[2012.07.14 00:42:54 | 000,805,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdosys.dll
[2012.07.05 20:45:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\browserchoice.exe
[2012.05.28 14:12:17 | 000,069,632 | -H-- | C] (Test3) -- D:\Users\Momo\AppData\Local\wscntfy.exe
[2012.05.28 14:12:17 | 000,069,632 | -H-- | C] (Test3) -- D:\Users\Momo\AppData\Roaming\lsmass.exe
[2012.05.28 14:12:08 | 054,697,478 | ---- | C] (minecraftinstall.net                                        ) -- D:\Users\Momo\AppData\Roaming\Minecraft_Cracked_v1.2.5.exe
[2012.05.26 15:04:01 | 000,069,632 | -H-- | C] (Test3) -- D:\ProgramData\wscntfy.exe
[2012.05.26 15:04:01 | 000,069,632 | -H-- | C] (Test3) -- D:\Program Files\Common Files\lsmass.exe
[2 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 23:31:02 | 004,503,728 | ---- | M] () -- D:\ProgramData\ras_0oed.pad
[2012.08.01 23:30:47 | 404,927,778 | ---- | M] () -- D:\Windows\System32\cwlog.dtl
[2012.08.01 23:18:09 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.01 23:18:09 | 000,001,098 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.01 23:18:05 | 000,020,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 23:18:02 | 000,020,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 23:12:02 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 22:10:25 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012.08.01 22:10:20 | 2515,148,800 | -HS- | M] () -- D:\hiberfil.sys
[2012.08.01 20:12:49 | 127,231,689 | ---- | M] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet.exe
[2012.08.01 20:12:49 | 127,231,689 | ---- | M] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet - Kopie.exe
[2012.07.27 21:49:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipBuster
[2012.07.27 18:12:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2012.07.27 18:12:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.22 21:28:33 | 000,001,863 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.07.22 21:28:33 | 000,001,851 | ---- | M] () -- D:\Users\Public\Desktop\LOL Recorder.lnk
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Users\Momo\AppData\Local\wscntfy.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\ProgramData\wscntfy.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Users\Momo\AppData\Roaming\lsmass.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Program Files\Common Files\lsmass.exe
[2012.07.18 23:50:35 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) -- D:\Windows\System32\drivers\pssdk41.sys
[2012.07.18 23:17:11 | 000,696,620 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012.07.18 23:17:11 | 000,651,938 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012.07.18 23:17:11 | 000,147,916 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012.07.18 23:17:11 | 000,120,870 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012.07.14 22:33:39 | 002,195,552 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012.07.14 01:14:49 | 000,002,290 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.01 17:38:33 | 004,503,728 | ---- | C] () -- D:\ProgramData\ras_0oed.pad
[2012.07.22 21:28:33 | 000,001,863 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.07.22 21:28:33 | 000,001,851 | ---- | C] () -- D:\Users\Public\Desktop\LOL Recorder.lnk
[2012.06.19 18:30:31 | 000,000,193 | ---- | C] () -- D:\Windows\WORDPAD.INI
[2012.03.21 23:28:33 | 001,590,912 | ---- | C] () -- D:\Windows\DarkSteam Uninstaller.exe
[2012.03.11 01:34:29 | 002,169,856 | -HS- | C] () -- D:\Windows\System32\hale.exe
[2012.03.10 00:24:14 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2012.03.10 00:20:56 | 000,003,929 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2012.03.10 00:14:07 | 000,000,209 | ---- | C] () -- D:\Windows\ODBCINST.INI
[2012.03.10 00:14:07 | 000,000,135 | ---- | C] () -- D:\Windows\ODBC.INI
[2012.03.10 00:13:23 | 000,000,265 | ---- | C] () -- D:\Windows\HCWBlast.ini
[2012.03.10 00:12:53 | 000,037,639 | ---- | C] () -- D:\Windows\Irremote.ini
[2012.03.10 00:12:45 | 000,142,337 | ---- | C] () -- D:\Windows\System32\Wait.exe
[2012.03.10 00:11:41 | 000,002,378 | ---- | C] () -- D:\Windows\HCWPNP.INI
[2012.01.23 16:43:06 | 004,130,816 | ---- | C] () -- D:\Windows\System32\LS3Renderer.dll
[2011.07.28 18:49:12 | 000,053,760 | ---- | C] () -- D:\Windows\System32\OVDecode.dll
[2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2010.11.21 02:46:14 | 000,696,620 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,147,916 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 002,195,552 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,651,938 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,120,870 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:41:47 | 000,001,536 | ---- | C] () -- D:\Windows\System32\winver.exe
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2004.08.13 10:56:20 | 000,005,810 | ---- | C] () -- D:\Windows\System32\drivers\ASACPI.sys
 
========== LOP Check ==========
 
[2012.03.22 12:37:34 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\DAEMON Tools Lite
[2012.08.01 18:02:04 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\dclogs
[2012.03.17 20:01:33 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\LolClient
[2012.08.01 18:15:31 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\LSoft Technologies
[2012.08.01 20:31:59 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\Runscanner.net
[2012.08.01 23:29:39 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\uTorrent
[2012.03.10 00:21:30 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012.03.17 01:09:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Astroburn Lite
[2012.03.16 17:52:25 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012.06.09 17:16:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Bcool
[2012.06.09 17:16:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Codecv
[2012.03.14 17:01:55 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012.06.02 21:28:40 | 000,000,000 | ---D | M] -- D:\ProgramData\InstallMate
[2012.08.01 17:37:12 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2012.04.04 00:51:47 | 000,000,000 | ---D | M] -- D:\ProgramData\Premium
[2012.03.10 16:25:30 | 000,000,000 | ---D | M] -- D:\ProgramData\RedGiant
[2012.03.10 15:31:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Sony
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012.04.04 00:51:34 | 000,000,000 | ---D | M] -- D:\ProgramData\SweetIM
[2012.05.21 21:29:31 | 000,000,000 | ---D | M] -- D:\ProgramData\SYSTEMAX Software Development
[2012.03.10 22:24:05 | 000,000,000 | ---D | M] -- D:\ProgramData\TechSmith
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012.03.20 21:52:39 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUpMedia
[2012.05.20 17:17:25 | 000,000,000 | ---D | M] -- D:\ProgramData\Tunngle
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012.03.19 00:53:03 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.06.25 21:50:12 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Many thanks in advance

Regards, ServerCrash

Last edited by ServerCrash (01.08.2012 at 22:44)
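Added example, not part of the original post and not OTL's own code: a small Python triage script that parses the O4, O6 and O20 autorun lines of a log in the OTL format shown above and flags the entries an analyst would look at first. It uses only heuristics visible in the log itself: autorun targets under AppData or ProgramData, a Winlogon UserInit or Shell value that does not point at the real userinit.exe or explorer.exe, orphaned entries whose file is missing, the EnableLUA = 0 policy, autoruns placed under policies\Explorer\Run, and binaries whose version resource claims Microsoft while living outside %SystemRoot% (OTL prints that company string from the file itself, so it proves nothing). The sample lines are copied from the log posted in this thread and assembled into a fixture; the severities, the regular expressions and the %SystemRoot% value D:\Windows (taken from the log header) are my assumptions. A flag is a pointer for manual inspection, not a verdict.

```python
"""Triage of OTL autorun lines (O4, O6, O20). Added example; assumptions are marked."""
from __future__ import annotations

import re
from dataclasses import dataclass

SYSTEM_ROOT = r"D:\Windows"  # assumption: taken from the %SystemRoot% line of the posted log

# Fixture: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Windows Audio Device Graph Isolation] D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O4 - HKLM..\Run: [Windows-Audio Driver] D:\ProgramData\wscntfy.exe (Test3)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Cracked Steam Service]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = D:\Program Files\Common Files\lsmass.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
"""


@dataclass
class Entry:
    kind: str           # "O4", "O6-Run", "O6-Policy", "O20-Shell", "O20-UserInit"
    name: str           # registry value name (or policy name for O6-Policy)
    target: str | None  # file path; policy value for O6-Policy; None when OTL printed "File not found"
    company: str        # company string OTL read from the PE version resource (attacker-controlled)
    raw: str


@dataclass
class Finding:
    severity: str       # assumption: "high" / "medium" / "low" are my own ranking
    reason: str
    entry: Entry


# Line shapes as they appear in OTL output; regexes are my own, not OTL's.
_O4 = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<rest>.*)$")
_O6_RUN = re.compile(r"^O6 - .*\\policies\\Explorer\\Run: (?P<name>.+?) = (?P<rest>.*)$")
_O6_POL = re.compile(r"^O6 - .*\\policies\\System: (?P<name>\w+) = (?P<rest>.*)$")
_O20 = re.compile(r"^O20 - HKLM Winlogon: (?P<name>\w+) - \((?P<val>[^)]*)\) - (?P<rest>.*)$")
# Directories a non-admin user (or any process, with UAC off) can write to.
_USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|programdata|users\\public|temp)\\", re.I)


def _split(rest: str) -> tuple[str | None, str]:
    """Split OTL's 'path (Company)' tail into (path, company); None path when the file is missing."""
    rest = rest.strip()
    if rest == "File not found":
        return None, ""
    path, sep, company = rest.rpartition(" (")
    if not sep:
        return rest, ""
    return path, company.rstrip(")")


def parse_otl(text: str) -> list[Entry]:
    """Parse the O4/O6/O20 lines of an OTL log; other line types are ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        raw = raw.strip()
        if m := _O4.match(raw):
            path, company = _split(m["rest"])
            entries.append(Entry("O4", m["name"], path, company, raw))
        elif m := _O6_RUN.match(raw):
            path, company = _split(m["rest"])
            entries.append(Entry("O6-Run", m["name"], path, company, raw))
        elif m := _O6_POL.match(raw):
            entries.append(Entry("O6-Policy", m["name"], m["rest"].strip(), "", raw))
        elif m := _O20.match(raw):
            path, company = _split(m["rest"])
            entries.append(Entry("O20-" + m["name"], m["name"], path, company, raw))
    return entries


def triage(entries: list[Entry], system_root: str = SYSTEM_ROOT) -> list[Finding]:
    """Apply the heuristics from the lead-in; one entry can produce several findings."""
    sysroot = system_root.lower().rstrip("\\") + "\\"
    findings: list[Finding] = []
    for e in entries:
        if e.kind == "O6-Policy":
            if e.name == "EnableLUA" and e.target == "0":
                findings.append(Finding("high", "UAC disabled (EnableLUA = 0)", e))
            continue
        if e.target is None:
            findings.append(Finding("low", "orphaned autorun entry, target file missing", e))
            continue
        p = e.target.lower()
        if e.kind == "O20-UserInit" and p != sysroot + r"system32\userinit.exe":
            findings.append(Finding("high", "Winlogon UserInit does not point to userinit.exe", e))
        if e.kind == "O20-Shell" and p != sysroot + "explorer.exe":
            findings.append(Finding("high", "Winlogon Shell does not point to explorer.exe", e))
        if e.kind == "O6-Run":
            findings.append(Finding("medium", "autorun via policies\\Explorer\\Run, rarely used by legitimate installers", e))
        if _USER_WRITABLE.search(p):
            findings.append(Finding("high", "autorun target lives in a user-writable directory", e))
        if e.company.lower().startswith("microsoft") and not p.startswith(sysroot):
            findings.append(Finding("medium", "claims a Microsoft publisher but lives outside %SystemRoot%", e))
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.entry.kind:12} {f.reason}: {f.entry.target}")
```

Run against the fixture, the script leaves PWRISOVM.EXE and the Shell = explorer.exe line alone and flags the AppData/ProgramData autoruns, the UserInit hijack, the orphaned "Cracked Steam Service" value and the disabled UAC policy. To use it on a full OTL.txt, pass the file contents to parse_otl; the parser skips everything that is not an O4, O6 or O20 line.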

 
