
Log analysis and evaluation: Cyber Criminal Investigation Department Virus/Trojan

Windows 7

01.08.2012, 23:37   #1
ServerCrash

Cyber Criminal Investigation Department Virus/Trojan



I have a Trojan on my PC, a "police" virus; it says I have to pay €100.

I KNOW that it is a virus/Trojan, but I haven't found anything else on the internet and hope you can help me.

I have already downloaded that OTLPE thing and ImgBurn as well, and I have already burned it to CD.

OTLPE is in English for me (just so you know) and when I click "Run Scan" I only get OTL.txt at the end but no Extras.txt (by now I know that it is supposed to produce one^^)

OTL.txt: OTL logfile:
Code:
OTL logfile created on: 01.08.2012 23:29:21 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = E:\Programs\OTLPE
  (Version = .) - Type = 
Internet Explorer (Version = )
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 195,31 Gb Total Space | 14,98 Gb Free Space | 7,67% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 18,29 Gb Free Space | 23,41% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PX1-L | User Name: Momo
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) --  File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- D:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (SkypeUpdate) -- D:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WatAdminSvc) -- D:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TunngleService) -- D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AMD External Events Utility) -- D:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (HauppaugeTVServer) -- D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (WSWNDA3100) -- D:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (McComponentHostService) -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva397) --  File not found
DRV - (XDva393) --  File not found
DRV - (PsSdk41) -- D:\Windows\System32\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV - (dtsoftbus01) -- D:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SCDEmu) -- D:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (amdkmdag) -- D:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- D:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AODDriver4.01) -- D:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (AtiHDAudioService) -- D:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (BCMH43XX) -- D:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (hcwD1encoder) -- D:\Windows\System32\drivers\hcwD1xcd.sys (ViXS Systems Inc.)
DRV - (hcwD1capture) -- D:\Windows\System32\drivers\hcwD1cap.sys (Hauppauge Computer Works, Inc.)
DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- D:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- D:\Windows\system32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- D:\Windows\system32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (amdiox86) -- D:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (RTL8187B) -- D:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- D:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (msloop) -- D:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (MRV6X32P) -- D:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc)
DRV - (SCMNdisP) -- D:\Windows\System32\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Afc) -- D:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTsensor) -- D:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 BA 73 A0 1E 70 CD 01  [binary data]
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.10 16:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.07.18 20:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.03.19 00:51:01 | 000,000,000 | ---D | M]
 
[2012.03.14 20:32:52 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Momo\AppData\Roaming\mozilla\Extensions
[2012.05.04 19:00:21 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Momo\AppData\Roaming\mozilla\Firefox\Profiles\k47lth6o.default\extensions
[2012.04.27 19:10:11 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012.07.18 20:50:55 | 000,136,672 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 00:50:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.21 23:16:12 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.02 21:37:07 | 000,002,356 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.21 23:16:12 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 23:16:12 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 23:16:12 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 23:16:12 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 23:16:12 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - D:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Codecv Class) - {38081DC2-75B3-44E8-869C-2717E0B55605} - D:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (Bcool Class) - {607E944A-37F4-423B-ADBD-06359F098D07} - D:\ProgramData\Bcool\bhoclass.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - D:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Chew7Hale] D:\Windows\System32\hale.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Windows Audio Device Graph Isolation] D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O4 - HKLM..\Run: [Windows-Audio Driver] D:\ProgramData\wscntfy.exe (Test3)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Adobe(R) Updater] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Cracked Steam Service]  File not found
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Java(TM)Runtime] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows Audio Device Graph Isolation] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows-Audio Driver] D:\Users\Momo\AppData\Local\wscntfy.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = D:\Program Files\Common Files\lsmass.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Search the Web - D:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.25 22:04:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dfddf10-6a31-11e1-8cbd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1dfddf10-6a31-11e1-8cbd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 23:21:22 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\uTorrent
[2012.08.01 22:07:17 | 000,000,000 | ---D | C] -- D:\OTLPE
[2012.08.01 21:49:36 | 000,000,000 | ---D | C] -- D:\_OTL
[2012.08.01 21:27:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet - Kopie.exe
[2012.08.01 20:36:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet.exe
[2012.08.01 20:31:59 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\Runscanner.net
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\LSoft Technologies
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\InstallShield Installation Information
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012.08.01 18:01:25 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\dclogs
[2012.07.27 21:49:00 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipBuster
[2012.07.27 21:48:59 | 000,000,000 | ---D | C] -- D:\Program Files\VoipBuster.com
[2012.07.22 21:28:33 | 000,000,000 | ---D | C] -- D:\Program Files\LOLReplay
[2012.07.18 23:50:35 | 000,036,928 | ---- | C] (microOLAP Technologies LTD) -- D:\Windows\System32\drivers\pssdk41.sys
[2012.07.18 23:49:40 | 000,000,000 | ---D | C] -- D:\Program Files\XLink Kai
[2012.07.18 23:48:19 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- D:\Windows\System32\_packet.dlluninstall
[2012.07.14 00:47:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2012.07.14 00:47:25 | 001,800,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012.07.14 00:47:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012.07.14 00:47:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012.07.14 00:47:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012.07.14 00:47:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2012.07.14 00:47:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012.07.14 00:47:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012.07.14 00:43:52 | 002,345,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[2012.07.14 00:42:58 | 000,219,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ncrypt.dll
[2012.07.14 00:42:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msxml3r.dll
[2012.07.14 00:42:54 | 000,805,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdosys.dll
[2012.07.05 20:45:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\browserchoice.exe
[2012.05.28 14:12:17 | 000,069,632 | -H-- | C] (Test3) -- D:\Users\Momo\AppData\Local\wscntfy.exe
[2012.05.28 14:12:17 | 000,069,632 | -H-- | C] (Test3) -- D:\Users\Momo\AppData\Roaming\lsmass.exe
[2012.05.28 14:12:08 | 054,697,478 | ---- | C] (minecraftinstall.net                                        ) -- D:\Users\Momo\AppData\Roaming\Minecraft_Cracked_v1.2.5.exe
[2012.05.26 15:04:01 | 000,069,632 | -H-- | C] (Test3) -- D:\ProgramData\wscntfy.exe
[2012.05.26 15:04:01 | 000,069,632 | -H-- | C] (Test3) -- D:\Program Files\Common Files\lsmass.exe
[2 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 23:31:02 | 004,503,728 | ---- | M] () -- D:\ProgramData\ras_0oed.pad
[2012.08.01 23:30:47 | 404,927,778 | ---- | M] () -- D:\Windows\System32\cwlog.dtl
[2012.08.01 23:18:09 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.01 23:18:09 | 000,001,098 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.01 23:18:05 | 000,020,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 23:18:02 | 000,020,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 23:12:02 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 22:10:25 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012.08.01 22:10:20 | 2515,148,800 | -HS- | M] () -- D:\hiberfil.sys
[2012.08.01 20:12:49 | 127,231,689 | ---- | M] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet.exe
[2012.08.01 20:12:49 | 127,231,689 | ---- | M] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet - Kopie.exe
[2012.07.27 21:49:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipBuster
[2012.07.27 18:12:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2012.07.27 18:12:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.22 21:28:33 | 000,001,863 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.07.22 21:28:33 | 000,001,851 | ---- | M] () -- D:\Users\Public\Desktop\LOL Recorder.lnk
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Users\Momo\AppData\Local\wscntfy.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\ProgramData\wscntfy.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Users\Momo\AppData\Roaming\lsmass.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Program Files\Common Files\lsmass.exe
[2012.07.18 23:50:35 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) -- D:\Windows\System32\drivers\pssdk41.sys
[2012.07.18 23:17:11 | 000,696,620 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012.07.18 23:17:11 | 000,651,938 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012.07.18 23:17:11 | 000,147,916 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012.07.18 23:17:11 | 000,120,870 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012.07.14 22:33:39 | 002,195,552 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012.07.14 01:14:49 | 000,002,290 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.01 17:38:33 | 004,503,728 | ---- | C] () -- D:\ProgramData\ras_0oed.pad
[2012.07.22 21:28:33 | 000,001,863 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.07.22 21:28:33 | 000,001,851 | ---- | C] () -- D:\Users\Public\Desktop\LOL Recorder.lnk
[2012.06.19 18:30:31 | 000,000,193 | ---- | C] () -- D:\Windows\WORDPAD.INI
[2012.03.21 23:28:33 | 001,590,912 | ---- | C] () -- D:\Windows\DarkSteam Uninstaller.exe
[2012.03.11 01:34:29 | 002,169,856 | -HS- | C] () -- D:\Windows\System32\hale.exe
[2012.03.10 00:24:14 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2012.03.10 00:20:56 | 000,003,929 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2012.03.10 00:14:07 | 000,000,209 | ---- | C] () -- D:\Windows\ODBCINST.INI
[2012.03.10 00:14:07 | 000,000,135 | ---- | C] () -- D:\Windows\ODBC.INI
[2012.03.10 00:13:23 | 000,000,265 | ---- | C] () -- D:\Windows\HCWBlast.ini
[2012.03.10 00:12:53 | 000,037,639 | ---- | C] () -- D:\Windows\Irremote.ini
[2012.03.10 00:12:45 | 000,142,337 | ---- | C] () -- D:\Windows\System32\Wait.exe
[2012.03.10 00:11:41 | 000,002,378 | ---- | C] () -- D:\Windows\HCWPNP.INI
[2012.01.23 16:43:06 | 004,130,816 | ---- | C] () -- D:\Windows\System32\LS3Renderer.dll
[2011.07.28 18:49:12 | 000,053,760 | ---- | C] () -- D:\Windows\System32\OVDecode.dll
[2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2010.11.21 02:46:14 | 000,696,620 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,147,916 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 002,195,552 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,651,938 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,120,870 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:41:47 | 000,001,536 | ---- | C] () -- D:\Windows\System32\winver.exe
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2004.08.13 10:56:20 | 000,005,810 | ---- | C] () -- D:\Windows\System32\drivers\ASACPI.sys
 
========== LOP Check ==========
 
[2012.03.22 12:37:34 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\DAEMON Tools Lite
[2012.08.01 18:02:04 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\dclogs
[2012.03.17 20:01:33 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\LolClient
[2012.08.01 18:15:31 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\LSoft Technologies
[2012.08.01 20:31:59 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\Runscanner.net
[2012.08.01 23:29:39 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\uTorrent
[2012.03.10 00:21:30 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012.03.17 01:09:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Astroburn Lite
[2012.03.16 17:52:25 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012.06.09 17:16:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Bcool
[2012.06.09 17:16:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Codecv
[2012.03.14 17:01:55 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012.06.02 21:28:40 | 000,000,000 | ---D | M] -- D:\ProgramData\InstallMate
[2012.08.01 17:37:12 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2012.04.04 00:51:47 | 000,000,000 | ---D | M] -- D:\ProgramData\Premium
[2012.03.10 16:25:30 | 000,000,000 | ---D | M] -- D:\ProgramData\RedGiant
[2012.03.10 15:31:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Sony
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012.04.04 00:51:34 | 000,000,000 | ---D | M] -- D:\ProgramData\SweetIM
[2012.05.21 21:29:31 | 000,000,000 | ---D | M] -- D:\ProgramData\SYSTEMAX Software Development
[2012.03.10 22:24:05 | 000,000,000 | ---D | M] -- D:\ProgramData\TechSmith
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012.03.20 21:52:39 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUpMedia
[2012.05.20 17:17:25 | 000,000,000 | ---D | M] -- D:\ProgramData\Tunngle
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012.03.19 00:53:03 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.06.25 21:50:12 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Thanks in advance

Regards, ServerCrash

Last edited by ServerCrash (01.08.2012 at 23:44)

02.08.2012, 00:26   #2
markusg
/// Malware-holic

Cyber Criminal Investigation Department Virus/Trojan



On your second PC go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
:OTL
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows-Audio Driver] D:\Users\Momo\AppData\Local\wscntfy.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = D:\Program Files\Common Files\lsmass.exe (Test3)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows Audio Device Graph Isolation] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Java(TM)Runtime] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Adobe(R) Updater] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Windows-Audio Driver] D:\ProgramData\wscntfy.exe (Test3)
O4 - HKLM..\Run: [Windows Audio Device Graph Isolation] D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
[2012.08.01 23:31:02 | 004,503,728 | ---- | M] () -- D:\ProgramData\ras_0oed.pad
:Files
D:\Program Files\Common Files\lsmass.exe
D:\Users\Momo\AppData\Local\wscntfy.exe
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe
:Commands
[Reboot]


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If so, remove the CD from the drive; Windows should now start normally and open otl.txt.
Please post the log.

If you have no icons, right-click, View, Show desktop icons.

Note: please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our Uploadchannel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

edit:
in your case D:
For further analysis I need the following.
D:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click the cache folder, pack it with WinRAR or another program, and please upload it in the upload channel
Trojaner-Board Upload Channel
When that is done, please report back.
__________________

__________________
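As an added example (not code from this thread and not OldTimer's OTL), the triage behind a fix like the one above, run over sample autorun lines constructed from the log posted here: O4/O6/O20 entries are flagged when they start from a user-writable folder, carry a look-alike company string, claim a Windows/Java/Adobe component they are not, or append themselves to Winlogon UserInit, and the flagged entries are laid out in fix.txt's :OTL/:Files/:Commands format. The heuristics, sample lines and function names are assumptions for illustration, not OTL rules.

```python
"""Triage the autorun lines of an OTL log and draft an OTL fix script.

Added example, not code from the thread or from OTL.  The heuristics below
are illustrative assumptions, not rules that OTL itself applies.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the OTL lines posted in this thread, with
# one benign O4 line and the genuine userinit.exe entry left in for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Windows-Audio Driver] D:\ProgramData\wscntfy.exe (Test3)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Java(TM)Runtime] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows Audio Device Graph Isolation] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = D:\Program Files\Common Files\lsmass.exe (Test3)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
"""

# First drive-letter path on the line that ends in an executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^()"]*?\.(?:exe|dll|sys)', re.IGNORECASE)
# OTL prints the file's company name as the last parenthesised group.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# Display name: [name] for O4 Run entries, "name =" for O6 policy Run entries.
NAME_RE = re.compile(r"\[([^\]]+)\]|Run: ([^=]+?) =")

# Folders a standard user can write to; an autorun living there deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")
# The only executable that belongs in Winlogon's UserInit value.
LEGIT_USERINIT = "\\windows\\system32\\userinit.exe"
# Vendor an entry name implies, and substrings the genuine company field carries.
CLAIMED_VENDOR = {
    "windows": ("Microsoft Corporation",),
    "java": ("Sun Microsystems", "Oracle"),
    "adobe": ("Adobe Systems",),
}


@dataclass
class Finding:
    line: str
    name: str
    path: str
    company: str
    reasons: list = field(default_factory=list)


def reasons_for(line, name, path, company):
    """Apply the triage heuristics to one autorun entry; empty list = benign."""
    reasons = []
    low_path, low_name = path.lower(), name.lower()
    if (line.startswith("O20") and "UserInit" in line
            and not low_path.endswith(LEGIT_USERINIT)):
        reasons.append("extra UserInit executable besides userinit.exe")
    if any(marker in low_path for marker in USER_WRITABLE):
        reasons.append("starts from a user-writable folder")
    # "Microsoft Corp." or a product description in the company field is a
    # look-alike; genuine Microsoft binaries read exactly "Microsoft Corporation".
    if company != "Microsoft Corporation" and (
            "microsoft" in company.lower() or "windows" in company.lower()):
        reasons.append(f"look-alike company string {company!r}")
    for claim, genuine in CLAIMED_VENDOR.items():
        if claim in low_name and not any(g in company for g in genuine):
            reasons.append(f"name claims a {claim} component but company is {company!r}")
    return reasons


def triage(log_text):
    """Return the O4/O6/O20 entries of an OTL log that trip at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(("O4 ", "O6 ", "O20 ")):
            continue
        m_path = PATH_RE.search(line)
        if not m_path:
            continue  # no file path on the line, nothing to triage
        m_company = COMPANY_RE.search(line)
        company = m_company.group(1).strip() if m_company else ""
        m_name = NAME_RE.search(line)
        name = (m_name.group(1) or m_name.group(2)) if m_name else ""
        reasons = reasons_for(line, name, m_path.group(0), company)
        if reasons:
            findings.append(Finding(line, name, m_path.group(0), company, reasons))
    return findings


def draft_fix(findings):
    """Lay the findings out in OTL's fix.txt format (:OTL, :Files, :Commands)."""
    files = []
    for f in findings:
        if f.path not in files:  # one :Files line per executable
            files.append(f.path)
    return "\n".join([":OTL", *[f.line for f in findings],
                      ":Files", *files,
                      ":Commands", "[Reboot]"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.path, "->", "; ".join(f.reasons))
    print(draft_fix(found))
```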

Old 02.08.2012, 00:44   #3
ServerCrash
 
How long should this "fixing" take?
For me it's already been almost 10 minutes...
__________________

Old 02.08.2012, 00:45   #4
markusg
/// Malware-holic
 
Then press reset, take out the CD and let it restart
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now please forward mails according to the above instructions to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 02.08.2012, 00:48   #5
ServerCrash
 
It's going through, oops^^

But in the OTL_ folder there is a MovedFiles folder, but there is nothing in the 2 that are INSIDE it; is that how it's supposed to be?


Old 02.08.2012, 00:50   #6
markusg
/// Malware-holic
 
Upload the _OTL folder as I said, or is it empty? Then do the following:
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
__________________

Old 02.08.2012, 00:58   #7
ServerCrash
 
The MovedFiles folder is still empty, at least the 2 that are inside it

and I don't get an "Extratxt" :/

Old 02.08.2012, 01:00   #8
markusg
/// Malware-holic
 
Then post otl.txt
__________________

Old 02.08.2012, 01:06   #9
ServerCrash
 
OK, there are both after all, sorry^^

OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.08.2012 00:55:20 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = D:\Users\Momo\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,12 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 48,72% Memory free
6,24 Gb Paging File | 4,47 Gb Available in Paging File | 71,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 195,31 Gb Total Space | 14,19 Gb Free Space | 7,27% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 16,48 Gb Free Space | 21,10% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PX1-L | User Name: Momo | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\Momo\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
PRC - D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
PRC - D:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - D:\Users\Momo\AppData\Local\wscntfy.exe (Test3)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Users\Leonhard\Downloads\uTorrent.exe (BitTorrent, Inc.)
PRC - D:\Windows\System32\hale.exe ()
PRC - D:\Programme\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - D:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Windows\System32\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - D:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - D:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - D:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - D:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - D:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - D:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - D:\Windows\System32\hale.exe ()
MOD - D:\Programme\WinRAR\RarExt.dll ()
MOD - D:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - D:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll ()
MOD - D:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) -- D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- d:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (SkypeUpdate) -- D:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- D:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WatAdminSvc) -- D:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TunngleService) -- D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AMD External Events Utility) -- D:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (HauppaugeTVServer) -- D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (WMPNetworkSvc) -- D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WSWNDA3100) -- D:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (McComponentHostService) -- D:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva397) -- D:\Windows\system32\XDva397.sys File not found
DRV - (XDva393) -- D:\Windows\system32\XDva393.sys File not found
DRV - (PsSdk41) -- D:\Windows\System32\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV - (dtsoftbus01) -- D:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SCDEmu) -- D:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (amdkmdag) -- D:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- D:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AODDriver4.01) -- D:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (AtiHDAudioService) -- D:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (BCMH43XX) -- D:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (hcwD1encoder) -- D:\Windows\System32\drivers\hcwD1xcd.sys (ViXS Systems Inc.)
DRV - (hcwD1capture) -- D:\Windows\System32\drivers\hcwD1cap.sys (Hauppauge Computer Works, Inc.)
DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- D:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- D:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- D:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (amdiox86) -- D:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (RTL8187B) -- D:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (tap0901t) -- D:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (msloop) -- D:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (MRV6X32P) -- D:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc)
DRV - (SCMNdisP) -- D:\Windows\System32\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Afc) -- D:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTsensor) -- D:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 BA 73 A0 1E 70 CD 01  [binary data]
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.10 16:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.07.18 20:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.03.19 00:51:01 | 000,000,000 | ---D | M]
 
[2012.03.14 20:32:52 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Momo\AppData\Roaming\mozilla\Extensions
[2012.05.04 19:00:21 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Momo\AppData\Roaming\mozilla\Firefox\Profiles\k47lth6o.default\extensions
[2012.04.27 19:10:11 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2012.07.18 20:50:55 | 000,136,672 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 00:50:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.21 23:16:12 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.02 21:37:07 | 000,002,356 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.21 23:16:12 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 23:16:12 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 23:16:12 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 23:16:12 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 23:16:12 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - D:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Codecv Class) - {38081DC2-75B3-44E8-869C-2717E0B55605} - D:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (Bcool Class) - {607E944A-37F4-423B-ADBD-06359F098D07} - D:\ProgramData\Bcool\bhoclass.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - D:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Chew7Hale] D:\Windows\System32\hale.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Windows Audio Device Graph Isolation] D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O4 - HKLM..\Run: [Windows-Audio Driver] D:\ProgramData\wscntfy.exe (Test3)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Adobe(R) Updater] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Cracked Steam Service] "d:\program files\cracked steam\Cracked Steam.exe" /SERVICE File not found
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Java(TM)Runtime] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows Audio Device Graph Isolation] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows-Audio Driver] D:\Users\Momo\AppData\Local\wscntfy.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = D:\Program Files\Common Files\lsmass.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Search the Web - D:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A016F82-84A6-409D-82A5-49CD13CEDB81}: DhcpNameServer = 192.168.1.1 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BD1E37-1F45-4982-B1A4-B8E88E4F6E9B}: DhcpNameServer = 192.168.1.1 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4952521-63A7-4963-97D8-CB2FB691DF9E}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0274181-1838-41BC-8877-25FF2B6B6FA0}: DhcpNameServer = 192.168.1.1 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAFDF52A-E125-40F2-AFD1-7E20728F9F14}: DhcpNameServer = 192.168.1.1 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.25 22:04:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dfddf10-6a31-11e1-8cbd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1dfddf10-6a31-11e1-8cbd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1dfddf0d-6a31-11e1-8cbd-806e6f6e6963} - D:\ProgramData\wscntfy.exe -r
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\Windows\system32\Rundll32.exe D:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9E090F62-4FE1-F6FB-971E-AC3ABBCEFA15} - D:\ProgramData\wscntfy.exe -r
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - D:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk - D:\Programme\WinTV\Ir.exe - (Hauppauge Computer Works)
MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - D:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk - D:\Programme\NETGEAR\WG111v3\WG111v3.exe - ()
MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG311v3 Smart Wizard.lnk - D:\Programme\NETGEAR\WG311v3\WG311v3.exe - ()
MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Setup-Assistent.lnk - D:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe - ()
MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk - D:\Programme\WinTV\WinTV7\WinTVTray.exe - (Hauppauge Computer Works, Inc.)
MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - D:\Users\Leonhard\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= -  File not found
MsConfig - StartUpReg: Chew7Hale - hkey= - key= -  File not found
MsConfig - StartUpReg: Cracked Steam Service - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - D:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SweetIM - hkey= - key= - D:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: Sweetpacks Communicator - hkey= - key= - D:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: Windows Audio Device Graph Isolation - hkey= - key= - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows® Operating System)
MsConfig - StartUpReg: Windows-Audio Driver - hkey= - key= - D:\ProgramData\wscntfy.exe (Test3)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 00:51:32 | 000,597,504 | ---- | C] (OldTimer Tools) -- D:\Users\Momo\Desktop\OTL.exe
[2012.08.01 23:21:22 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\uTorrent
[2012.08.01 22:07:17 | 000,000,000 | ---D | C] -- D:\OTLPE
[2012.08.01 21:49:36 | 000,000,000 | ---D | C] -- D:\_OTL
[2012.08.01 21:27:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet - Kopie.exe
[2012.08.01 20:36:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet.exe
[2012.08.01 20:31:59 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\Runscanner.net
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\LSoft Technologies
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\InstallShield Installation Information
[2012.08.01 18:15:31 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012.08.01 18:01:25 | 000,000,000 | ---D | C] -- D:\Users\Momo\AppData\Roaming\dclogs
[2012.07.27 21:49:00 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipBuster
[2012.07.27 21:48:59 | 000,000,000 | ---D | C] -- D:\Program Files\VoipBuster.com
[2012.07.22 21:28:33 | 000,000,000 | ---D | C] -- D:\Program Files\LOLReplay
[2012.07.18 23:50:35 | 000,036,928 | ---- | C] (microOLAP Technologies LTD) -- D:\Windows\System32\drivers\pssdk41.sys
[2012.07.18 23:49:40 | 000,000,000 | ---D | C] -- D:\Program Files\XLink Kai
[2012.07.18 23:48:19 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- D:\Windows\System32\_packet.dlluninstall
[2012.05.28 14:12:17 | 000,069,632 | -H-- | C] (Test3) -- D:\Users\Momo\AppData\Local\wscntfy.exe
[2012.05.28 14:12:17 | 000,069,632 | -H-- | C] (Test3) -- D:\Users\Momo\AppData\Roaming\lsmass.exe
[2012.05.28 14:12:08 | 054,697,478 | ---- | C] (minecraftinstall.net                                        ) -- D:\Users\Momo\AppData\Roaming\Minecraft_Cracked_v1.2.5.exe
[2012.05.26 15:04:01 | 000,069,632 | -H-- | C] (Test3) -- D:\ProgramData\wscntfy.exe
[2012.05.26 15:04:01 | 000,069,632 | -H-- | C] (Test3) -- D:\Program Files\Common Files\lsmass.exe
[2 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 00:57:58 | 414,292,812 | ---- | M] () -- D:\Windows\System32\cwlog.dtl
[2012.08.02 00:56:22 | 004,503,728 | ---- | M] () -- D:\ProgramData\ras_0oed.pad
[2012.08.02 00:51:35 | 000,597,504 | ---- | M] (OldTimer Tools) -- D:\Users\Momo\Desktop\OTL.exe
[2012.08.02 00:17:00 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 00:12:31 | 000,020,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 00:12:31 | 000,020,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 00:12:02 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 23:18:09 | 000,001,098 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.01 22:10:25 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012.08.01 22:10:20 | 2515,148,800 | -HS- | M] () -- D:\hiberfil.sys
[2012.08.01 20:12:49 | 127,231,689 | ---- | M] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet.exe
[2012.08.01 20:12:49 | 127,231,689 | ---- | M] (Igor Pavlov) -- D:\Users\Momo\Desktop\OTLPENet - Kopie.exe
[2012.07.22 21:28:33 | 000,001,851 | ---- | M] () -- D:\Users\Public\Desktop\LOL Recorder.lnk
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Users\Momo\AppData\Local\wscntfy.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\ProgramData\wscntfy.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Users\Momo\AppData\Roaming\lsmass.exe
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Program Files\Common Files\lsmass.exe
[2012.07.18 23:50:35 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) -- D:\Windows\System32\drivers\pssdk41.sys
[2012.07.18 23:17:11 | 000,696,620 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012.07.18 23:17:11 | 000,651,938 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012.07.18 23:17:11 | 000,147,916 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012.07.18 23:17:11 | 000,120,870 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012.07.14 22:33:39 | 002,195,552 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012.07.14 01:14:49 | 000,002,290 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.01 17:38:33 | 004,503,728 | ---- | C] () -- D:\ProgramData\ras_0oed.pad
[2012.07.22 21:28:33 | 000,001,863 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.07.22 21:28:33 | 000,001,851 | ---- | C] () -- D:\Users\Public\Desktop\LOL Recorder.lnk
[2012.06.19 18:30:31 | 000,000,193 | ---- | C] () -- D:\Windows\WORDPAD.INI
[2012.04.26 14:24:58 | 000,001,326 | RHS- | C] () -- D:\Users\Momo\ntuser.pol
[2012.03.21 23:28:33 | 001,590,912 | ---- | C] () -- D:\Windows\DarkSteam Uninstaller.exe
[2012.03.11 01:34:29 | 002,169,856 | -HS- | C] () -- D:\Windows\System32\hale.exe
[2012.03.10 00:24:14 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2012.03.10 00:20:56 | 000,003,929 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2012.03.10 00:14:07 | 000,000,209 | ---- | C] () -- D:\Windows\ODBCINST.INI
[2012.03.10 00:14:07 | 000,000,135 | ---- | C] () -- D:\Windows\ODBC.INI
[2012.03.10 00:13:23 | 000,000,265 | ---- | C] () -- D:\Windows\HCWBlast.ini
[2012.03.10 00:12:53 | 000,037,639 | ---- | C] () -- D:\Windows\Irremote.ini
[2012.03.10 00:12:45 | 000,142,337 | ---- | C] () -- D:\Windows\System32\Wait.exe
[2012.03.10 00:11:41 | 000,002,378 | ---- | C] () -- D:\Windows\HCWPNP.INI
[2012.01.23 16:43:06 | 004,130,816 | ---- | C] () -- D:\Windows\System32\LS3Renderer.dll
[2011.07.28 18:49:12 | 000,053,760 | ---- | C] () -- D:\Windows\System32\OVDecode.dll
[2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2010.11.21 02:46:14 | 000,696,620 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,147,916 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
 
========== LOP Check ==========
 
[2012.07.01 18:19:16 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\.minecraft
[2012.03.16 17:52:25 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\Babylon
[2012.06.02 21:37:14 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\BabylonToolbar
[2012.03.10 17:46:38 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.17 00:12:45 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\DAEMON Tools Lite
[2012.08.01 00:00:37 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\dclogs
[2012.03.15 19:22:55 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\LolClient
[2012.05.24 19:30:00 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\LolClient2
[2012.03.11 12:19:53 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\MAXON
[2012.03.20 21:51:05 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\OpenCandy
[2012.03.11 00:45:54 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\Publish Providers
[2012.03.10 16:27:14 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\Red Giant Link
[2012.07.30 19:54:53 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\Secure-Soft Stealer
[2012.03.11 00:46:42 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\Sony
[2012.05.21 21:29:31 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\SYSTEMAX Software Development
[2012.05.01 15:18:28 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\TuneUpMedia
[2012.03.17 22:04:42 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\Tunngle
[2012.05.23 19:48:24 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\uTorrent
[2012.07.27 21:53:48 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\VoipBuster
[2012.07.18 23:59:45 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\XLink Kai
[2012.06.02 21:36:58 | 000,000,000 | ---D | M] -- D:\Users\Leonhard\AppData\Roaming\YourFileDownloader
[2012.03.22 12:37:34 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\DAEMON Tools Lite
[2012.08.02 00:11:49 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\dclogs
[2012.03.17 20:01:33 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\LolClient
[2012.08.01 18:15:31 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\LSoft Technologies
[2012.08.01 20:31:59 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\Runscanner.net
[2012.08.02 00:56:30 | 000,000,000 | ---D | M] -- D:\Users\Momo\AppData\Roaming\uTorrent
[2012.06.25 21:50:12 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.14 20:30:52 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2012.03.10 23:56:54 | 000,000,000 | ---D | M] -- D:\Fraps
[2012.08.01 22:07:17 | 000,000,000 | ---D | M] -- D:\OTLPE
[2012.08.01 17:54:59 | 000,000,000 | R--D | M] -- D:\Program Files
[2012.08.01 17:38:33 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\Programme
[2012.03.09 23:55:45 | 000,000,000 | -HSD | M] -- D:\Recovery
[2012.02.29 19:43:44 | 000,000,000 | -HSD | M] -- D:\RECYCLER
[2012.04.26 14:45:01 | 000,000,000 | ---D | M] -- D:\Riot Games
[2012.05.27 10:52:49 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2012.03.14 20:30:47 | 000,000,000 | R--D | M] -- D:\Users
[2012.07.04 20:57:58 | 000,000,000 | ---D | M] -- D:\Windows
[2012.08.01 21:49:36 | 000,000,000 | ---D | M] -- D:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2012.07.22 21:11:34 | 000,069,632 | -H-- | M] (Test3) -- D:\Users\Momo\AppData\Local\wscntfy.exe
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=BE8C64439F1E2AF088063218C16EB9FE -- D:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- D:\ProgramData\Microsoft\Windows\SXS\32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- D:\Users\All Users\Microsoft\Windows\SXS\32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- D:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 23:29:06 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1562571D6B1541098E677C3BB78709A0 -- D:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\ProgramData\Microsoft\Windows\SXS\32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Users\All Users\Microsoft\Windows\SXS\32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.11.20 23:29:24 | 000,193,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\system32\sppcomapi.dll
[2 D:\Windows\system32\*.tmp files -> D:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.08.02 01:03:56 | 001,048,576 | -HS- | M] () -- D:\Users\Momo\ntuser.dat
[2012.08.02 01:03:56 | 000,262,144 | -HS- | M] () -- D:\Users\Momo\ntuser.dat.LOG1
[2012.03.14 20:30:47 | 000,000,000 | -HS- | M] () -- D:\Users\Momo\ntuser.dat.LOG2
[2012.03.14 21:52:45 | 000,065,536 | -HS- | M] () -- D:\Users\Momo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.03.14 21:52:45 | 000,524,288 | -HS- | M] () -- D:\Users\Momo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.03.14 21:52:45 | 000,524,288 | -HS- | M] () -- D:\Users\Momo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.03.14 20:30:47 | 000,000,020 | -HS- | M] () -- D:\Users\Momo\ntuser.ini
[2012.04.26 14:24:58 | 000,001,326 | RHS- | M] () -- D:\Users\Momo\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

Extras.txt: OTL Logfile:
Code:
OTL Extras logfile created on: 02.08.2012 00:55:20 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = D:\Users\Momo\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,12 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 48,72% Memory free
6,24 Gb Paging File | 4,47 Gb Available in Paging File | 71,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 195,31 Gb Total Space | 14,19 Gb Free Space | 7,27% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 16,48 Gb Free Space | 21,10% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PX1-L | User Name: Momo | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "D:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23CA88A9-5272-498F-8CC5-96DD1490EC1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2A4B04A3-AEC8-4BDD-A89C-2B01D9003AB4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2C618816-AFDB-4A4F-81F8-65D361C93916}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2E69ED20-04D5-44E3-A1E3-232739E93A88}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{58ECA4AA-A785-4A89-8B11-CA0522436331}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{87812800-F570-4FC7-BC89-C581D2CA61BC}" = lport=4000 | protocol=6 | dir=out | app=d:\program files\dll-files.com fixer\dllfixer.exe | 
"{8A2E4398-84BE-4FCE-B620-805FB95231FF}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A5C2F6CB-EFA0-4AA6-90B3-77BD0106D7D4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ACCB03CB-0FCF-441B-9920-23BD835601C2}" = lport=4000 | protocol=6 | dir=out | app=d:\program files\dll-files.com fixer\dllfixer.exe | 
"{C6D7BC42-8600-40DD-AD01-23B563D4C6E3}" = lport=4000 | protocol=6 | dir=out | app=d:\program files\dll-files.com fixer\dllfixer.exe | 
"{E7E475A7-6559-4B6C-87EF-03C73D54FCEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F32C794-039F-436C-8EEC-A8DD7D90D3AD}" = dir=in | app=d:\program files\skype\phone\skype.exe | 
"{1386E2AF-8881-4689-8091-EB7392479AF6}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{17A3C477-C782-4BFA-A794-0D7CD9CF675A}" = protocol=6 | dir=in | app=d:\program files\lolreplay\lolreplay.exe | 
"{1899B552-EDFA-4A33-B678-8481D6B5B442}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{2AFD8B7E-35D3-4E33-B87D-88BEC5686448}" = protocol=17 | dir=in | app=d:\program files\common files\lsmass.exe | 
"{3082FDB8-4569-4EC4-B14C-2F8728AFAD53}" = protocol=17 | dir=in | app=d:\program files\voipbuster.com\voipbuster\voipbuster.exe | 
"{34463476-CCF6-4DD0-A8E2-A7ED0F2548FC}" = protocol=17 | dir=in | app=d:\programdata\wscntfy.exe | 
"{39D3892B-E891-40D9-9886-DC491662A151}" = protocol=17 | dir=in | app=d:\program files\cracked steam\steam.exe | 
"{3D07AE4A-C456-474D-BCD2-0B5D52B48206}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{46736385-BB7E-42F8-B240-BDDB6CC9585F}" = protocol=6 | dir=in | app=d:\program files\cracked steam\steam.exe | 
"{4C247219-F7C3-4D06-B7A5-CFEA23C91B41}" = protocol=6 | dir=in | app=d:\program files\common files\lsmass.exe | 
"{51F7E755-C15C-4445-ACFF-E9EFAB28C97E}" = protocol=6 | dir=in | app=d:\program files\common files\lsmass.exe | 
"{54D141AA-49DB-41F8-81CB-F53F2C3D0314}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{60EC62D7-3EDC-4625-AA42-8F16CA3C58EE}" = protocol=6 | dir=in | app=d:\programdata\wscntfy.exe | 
"{63DB39BE-1FCD-4BD1-85E0-A0C2EE75C56D}" = protocol=17 | dir=in | app=d:\program files\yourfiledownloader\downloader.exe | 
"{710D35FD-BCDB-46C7-91EB-AA8C0C49893D}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{739E8F61-BE7A-414A-9A34-13C17B70B128}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{79D22AF5-8AAF-4557-9742-C75DE84787FF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{7ED18740-E055-415C-A209-A33FD72A533B}" = protocol=17 | dir=in | app=d:\windows\system32\msiexec.exe | 
"{7FA74563-733F-44A7-AB65-F6E52A10A25A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{897C1A1E-73D9-4533-9B61-5ACE812075F6}" = protocol=6 | dir=in | app=d:\program files\yourfiledownloader\downloader.exe | 
"{8A7B85DF-BBBF-41B0-8827-A95C711DECBE}" = protocol=6 | dir=in | app=d:\program files\yourfiledownloader\yourfile.exe | 
"{8CE188A6-5492-4E69-9EBD-9EAA2ACEACD8}" = protocol=6 | dir=in | app=d:\programdata\wscntfy.exe | 
"{96B197B4-205A-4F32-B226-BA652C639CBA}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{9B0D85E5-900C-49F6-B7BF-1908730AD9A3}" = protocol=17 | dir=in | app=d:\programdata\wscntfy.exe | 
"{A6E48ABD-E3FB-4F39-A916-39A0046A0EB0}" = protocol=17 | dir=in | app=d:\program files\common files\lsmass.exe | 
"{BB54553B-C28C-4BD8-8860-0D27806C8D09}" = protocol=6 | dir=in | app=d:\program files\voipbuster.com\voipbuster\voipbuster.exe | 
"{D21BFE61-7F9A-40C9-8CC1-5915C1291188}" = protocol=6 | dir=in | app=d:\program files\xlink kai\kaiengine.exe | 
"{E3EA7223-A866-47C4-AB5D-572E05ED705D}" = protocol=17 | dir=in | app=d:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{E6C2752D-F479-4744-AF6F-2105EE9E4AA5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ED7AD0D3-8768-4DE3-8C72-538F0A753CB7}" = protocol=17 | dir=in | app=d:\program files\yourfiledownloader\yourfile.exe | 
"{F0B553BA-E80A-47C9-9C2A-6F60DB708943}" = protocol=6 | dir=in | app=d:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{F117C7D6-7BB3-4B21-9F2C-54E0FF5FA53C}" = protocol=17 | dir=in | app=d:\program files\lolreplay\lolreplay.exe | 
"{FE71B09F-3FBC-4FFC-82AD-ABDF5290A53D}" = protocol=6 | dir=in | app=d:\windows\system32\msiexec.exe | 
"{FF635BCF-5A18-4EB9-B490-1E92FB8AD098}" = protocol=17 | dir=in | app=d:\program files\xlink kai\kaiengine.exe | 
"TCP Query User{064EC7F2-2C6B-4DFD-8369-4CC4D596103F}D:\program files\cracked steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=d:\program files\cracked steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"TCP Query User{09473858-FA79-4082-A0E8-F2A23132A03F}D:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"TCP Query User{1BF8D319-8070-46C6-8DC5-05FEE2DC6F55}F:\aaaaaaaaaa\activision\call of duty - world at war\codwaw lanfixed.exe" = protocol=6 | dir=in | app=f:\aaaaaaaaaa\activision\call of duty - world at war\codwaw lanfixed.exe | 
"TCP Query User{1F96082A-FCE1-47D3-848C-A8E41ACE3376}D:\program files\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=d:\program files\xlink kai\kaiengine.exe | 
"TCP Query User{267A2A38-BE67-4C5D-A0AD-8FBE7D560094}D:\program files\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=d:\program files\call of duty modern warfare 3\iw5mp_server.exe | 
"TCP Query User{3303048D-1EA8-426C-B9C0-D31C62F95FAC}D:\users\leonhard\appdata\local\temp\{3559e99b-f04a-bf09-5de2-b868eebacb6d}\codec_enum.exe" = protocol=6 | dir=in | app=d:\users\leonhard\appdata\local\temp\{3559e99b-f04a-bf09-5de2-b868eebacb6d}\codec_enum.exe | 
"TCP Query User{39DCAD95-77D1-4F87-8D93-D21CD520A09E}D:\users\leonhard\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=d:\users\leonhard\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{3EDDD76A-5B50-4399-86CC-2F7A8B7CF364}D:\program files\sony\vegas pro 11.0\vegas110.exe" = protocol=6 | dir=in | app=d:\program files\sony\vegas pro 11.0\vegas110.exe | 
"TCP Query User{3FB78062-57E0-410A-90C8-7209E4AEDF6D}D:\users\momo\appdata\local\wscntfy.exe" = protocol=6 | dir=in | app=d:\users\momo\appdata\local\wscntfy.exe | 
"TCP Query User{44668862-8C15-4B5F-9DF6-A3CC8B2D51CC}F:\aaaaaaaaaa\activision\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=f:\aaaaaaaaaa\activision\call of duty - world at war\codwawmp.exe | 
"TCP Query User{4C894443-D162-4F54-9ED8-495935A28E3C}D:\programdata\wscntfy.exe" = protocol=6 | dir=in | app=d:\programdata\wscntfy.exe | 
"TCP Query User{5969301E-6DC8-45FA-99B2-994473E5DFBF}D:\users\leonhard\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=d:\users\leonhard\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5B5BADE8-F50E-48AF-84A1-45513D7CD695}I:\aaaaaaaaaa\cod mw3\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=i:\aaaaaaaaaa\cod mw3\call of duty modern warfare 3\iw5mp.exe | 
"TCP Query User{63FCA205-B647-48C7-960B-2E93373EAA1E}D:\program files\spiele\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=d:\program files\spiele\call of duty modern warfare 3\iw5mp_server.exe | 
"TCP Query User{6F97F258-0BB0-482B-A824-DC6B2CB16EC4}D:\program files\cracked steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\program files\cracked steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"TCP Query User{737CCB5C-7E7C-4F31-9B0A-20D44D465143}D:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{8192980C-B562-4740-B9CB-5A0DC9988C35}D:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files\skype\phone\skype.exe | 
"TCP Query User{89383FEB-EFF6-43FB-A9BD-3F24DBF89DDE}D:\program files\activision\call of duty - world at war\codwaw lanfixed.exe" = protocol=6 | dir=in | app=d:\program files\activision\call of duty - world at war\codwaw lanfixed.exe | 
"TCP Query User{950E77CF-DCB7-4CFD-84F4-C8BC88C89CD6}G:\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=g:\call of duty - black ops\blackopsmp.exe | 
"TCP Query User{A8093F18-6A4F-4719-ACD5-AFD36A5DF7DE}D:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files\skype\phone\skype.exe | 
"TCP Query User{AEE7BA7E-FE01-4AA5-8629-4D94CDE7A51E}D:\users\leonhard\appdata\local\temp\rar$exa0.811\iw5mp_server.exe" = protocol=6 | dir=in | app=d:\users\leonhard\appdata\local\temp\rar$exa0.811\iw5mp_server.exe | 
"TCP Query User{B9F2266C-75E5-4E9E-8925-67441A98AB77}D:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=d:\program files\lolreplay\lolreplay.exe | 
"TCP Query User{C2372C53-384A-4159-92C3-7168A37DA601}D:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{C52FD7DA-2CE0-4665-8CD1-96FE7FC0CDE6}D:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"TCP Query User{C5EC6D15-183B-4A65-AC9A-9209C9ABE030}D:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{D056D877-15C2-436C-BD8B-AC37221E6AA0}D:\program files\spiele\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\program files\spiele\call of duty modern warfare 3\iw5mp.exe | 
"TCP Query User{D659AC1E-E75A-4785-91FB-F1385CFB7B71}D:\program files\common files\lsmass.exe" = protocol=6 | dir=in | app=d:\program files\common files\lsmass.exe | 
"TCP Query User{D7769235-84C0-4C40-970F-85CFAE17ACAE}C:\programme\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\programme\xlink kai\kaiengine.exe | 
"TCP Query User{DF3688A4-AF86-4CF9-866F-D3EB56D532CF}D:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=d:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{E584436F-36AB-4E62-8D74-6BA0219ED722}D:\program files\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\program files\call of duty modern warfare 3\iw5mp.exe | 
"TCP Query User{ED04B110-595F-4D45-A7F7-EB60CC1ED8C9}F:\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=f:\call of duty - black ops\blackopsmp.exe | 
"TCP Query User{F031E205-8191-4A38-A2AC-47088C0588FB}D:\program files\steam\steam.exe" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | 
"TCP Query User{F18B493D-D431-4710-B74D-13D230831A38}D:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"TCP Query User{F6A3E1E0-BC19-476F-80AA-F55CCAE5106C}D:\users\leonhard\downloads\utorrent.exe" = protocol=6 | dir=in | app=d:\users\leonhard\downloads\utorrent.exe | 
"TCP Query User{F990ACF0-D7E1-4EA5-80E5-D8B4C1A328BE}D:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=d:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{FD9CD066-4241-4350-BD36-3EB5A95BD52B}F:\aaaaaaaaaa\cod mw3\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=f:\aaaaaaaaaa\cod mw3\call of duty modern warfare 3\iw5sp.exe | 
"UDP Query User{07EBE539-B6BF-4DC8-9EAF-08081343D80B}D:\program files\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=d:\program files\xlink kai\kaiengine.exe | 
"UDP Query User{0A2031FD-D281-4B95-8215-8C6419797AED}D:\program files\cracked steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\program files\cracked steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"UDP Query User{0B386EBE-D7AD-4030-B098-3C8B482FB28B}D:\program files\cracked steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=d:\program files\cracked steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"UDP Query User{0DADC9E4-CD9B-4287-AA4B-1DAB87CAB5F6}D:\programdata\wscntfy.exe" = protocol=17 | dir=in | app=d:\programdata\wscntfy.exe | 
"UDP Query User{0DF75900-7FC4-486D-8E1E-D25E7F40E8B5}D:\program files\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\program files\call of duty modern warfare 3\iw5mp.exe | 
"UDP Query User{0FF952E9-DA89-4AEC-ABD4-E2C36637CCF0}D:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{14038F46-6868-4B32-9F2A-84CEB8B1B72E}D:\users\leonhard\appdata\local\temp\{3559e99b-f04a-bf09-5de2-b868eebacb6d}\codec_enum.exe" = protocol=17 | dir=in | app=d:\users\leonhard\appdata\local\temp\{3559e99b-f04a-bf09-5de2-b868eebacb6d}\codec_enum.exe | 
"UDP Query User{1B5DE88B-DB21-4EDB-8270-7BF63453402D}G:\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=g:\call of duty - black ops\blackopsmp.exe | 
"UDP Query User{22E69DFE-222D-4560-BD4F-5D61460C9CFE}D:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"UDP Query User{284377BB-E3E2-4200-9C4D-FC64365E7F94}D:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files\skype\phone\skype.exe | 
"UDP Query User{291F6918-1649-4734-B4F3-95C66A5FE19B}C:\programme\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\programme\xlink kai\kaiengine.exe | 
"UDP Query User{2DBF8DF5-DF8B-42D1-9CCA-00219189D126}F:\aaaaaaaaaa\activision\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=f:\aaaaaaaaaa\activision\call of duty - world at war\codwawmp.exe | 
"UDP Query User{323114DE-AEA2-49D9-AFA8-00569928E185}D:\program files\spiele\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=d:\program files\spiele\call of duty modern warfare 3\iw5mp_server.exe | 
"UDP Query User{331CA6BE-D227-4E6C-8C6B-AE9AA3D4067E}D:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{3753E1AB-1771-46F7-95E9-B4462D7570C9}D:\program files\spiele\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\program files\spiele\call of duty modern warfare 3\iw5mp.exe | 
"UDP Query User{54CE616F-08D0-4A0C-933D-1D513F33C834}D:\program files\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=d:\program files\call of duty modern warfare 3\iw5mp_server.exe | 
"UDP Query User{58E9A4B6-D6F7-4970-9393-279C3BB41A02}D:\program files\activision\call of duty - world at war\codwaw lanfixed.exe" = protocol=17 | dir=in | app=d:\program files\activision\call of duty - world at war\codwaw lanfixed.exe | 
"UDP Query User{62113AA3-20B7-4FBC-9A78-1AF1A2183F72}D:\users\leonhard\appdata\local\temp\rar$exa0.811\iw5mp_server.exe" = protocol=17 | dir=in | app=d:\users\leonhard\appdata\local\temp\rar$exa0.811\iw5mp_server.exe | 
"UDP Query User{709E7A86-4692-4092-8998-2923568AEFBD}D:\users\momo\appdata\local\wscntfy.exe" = protocol=17 | dir=in | app=d:\users\momo\appdata\local\wscntfy.exe | 
"UDP Query User{79139600-D783-4BA0-8A24-83AEEDD84986}D:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{8527A5EE-E021-4C35-8B7D-80CACF93A63C}F:\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=f:\call of duty - black ops\blackopsmp.exe | 
"UDP Query User{8C316C5A-2BC2-4E22-ADB0-248545BF0FB7}F:\aaaaaaaaaa\cod mw3\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=f:\aaaaaaaaaa\cod mw3\call of duty modern warfare 3\iw5sp.exe | 
"UDP Query User{8F9266AF-F992-4430-9859-A1F54CD300B3}D:\program files\common files\lsmass.exe" = protocol=17 | dir=in | app=d:\program files\common files\lsmass.exe | 
"UDP Query User{957A5947-ADDF-4DF9-A2FD-C53FB25A010E}D:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=d:\program files\pando networks\media booster\pmb.exe | 
"UDP Query User{967BB62F-826D-4822-836C-6E92F58FC0BF}D:\program files\steam\steam.exe" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | 
"UDP Query User{A9E2C40B-2ACC-4DD9-83AB-F5D2DE63ADB1}D:\program files\sony\vegas pro 11.0\vegas110.exe" = protocol=17 | dir=in | app=d:\program files\sony\vegas pro 11.0\vegas110.exe | 
"UDP Query User{ACD6DB40-A95B-428C-B5FC-BEEE8A4A96B7}D:\users\leonhard\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=d:\users\leonhard\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{B594F158-445C-4E76-9C57-526E93D48957}D:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=d:\program files\pando networks\media booster\pmb.exe | 
"UDP Query User{CA06EB6B-7630-45BB-AEA3-DB24F5C98778}D:\users\leonhard\downloads\utorrent.exe" = protocol=17 | dir=in | app=d:\users\leonhard\downloads\utorrent.exe | 
"UDP Query User{D0AE43DF-3F4C-47F8-A885-13E70DAE1210}D:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"UDP Query User{D6E6B6FC-3766-4787-A752-9C9F64339D46}D:\users\leonhard\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=d:\users\leonhard\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{DBC185DE-C29A-4A41-AF31-932356020E1E}I:\aaaaaaaaaa\cod mw3\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=i:\aaaaaaaaaa\cod mw3\call of duty modern warfare 3\iw5mp.exe | 
"UDP Query User{DC38BB98-DC16-4587-9C59-85FE344BC50C}F:\aaaaaaaaaa\activision\call of duty - world at war\codwaw lanfixed.exe" = protocol=17 | dir=in | app=f:\aaaaaaaaaa\activision\call of duty - world at war\codwaw lanfixed.exe | 
"UDP Query User{E854256A-E104-43C3-BA60-1F22E8DBA3C6}D:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files\skype\phone\skype.exe | 
"UDP Query User{E9A2269E-EF5F-4F97-AA5A-B7A84283DF21}D:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=d:\program files\lolreplay\lolreplay.exe | 
"UDP Query User{EA82A464-1321-489D-A068-9F874BB1DF77}D:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FF3D021-5ED4-11E1-8FD8-F04DA23A5C58}" = Vegas Pro 11.0
"{10F19A25-A5FE-1334-1A48-C37032A08208}" = AMD VISION Engine Control Center
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18246ED0-1970-9D8C-EB0F-2BF4962327DD}" = CCC Help French
"{189B9ACF-DBA6-4F52-8726-2E11049FB1F7}" = HydraVision
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1B5C78D9-CC19-C054-F6D2-9E0650E969F3}" = AMD AVIVO Codecs
"{1DA27F36-93EB-E82F-2DA3-48F13C0153CD}" = Catalyst Control Center InstallProxy
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29D07EFD-7573-9A5F-1A74-4FB4B9184730}" = CCC Help Swedish
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{3626DA21-09B2-C64E-7CC8-674EEFBCDB53}" = CCC Help Norwegian
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{400F6E99-D662-2C80-F973-EFE51F7E8689}" = CCC Help Dutch
"{40579567-65A8-C644-805D-AE6FB1FAADA9}" = AMD Catalyst Install Manager
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz
"{46F2587F-284F-AAD9-160B-C6238143B0B9}" = CCC Help Russian
"{48B36F68-31CB-9B23-355C-A456D2E557E5}" = CCC Help Chinese Traditional
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62887984-9C88-85E5-E530-E7763F7B855A}" = CCC Help Turkish
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{694C704F-36C6-579C-5760-4BC5939D5734}" = CCC Help Spanish
"{6A8ABAA6-00B4-FABD-CA82-DEDB3513B927}" = CCC Help Korean
"{6BBA932D-07C3-161B-C862-9568C57DE229}" = CCC Help Thai
"{6C0577F8-1A75-2CE8-C3EA-33076BCEA75E}" = CCC Help Polish
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84C19F04-6DA8-7E5C-273E-647B49DC2C6C}" = CCC Help Chinese Standard
"{86931FD7-C385-1EA1-628E-4CE1ED572B28}" = CCC Help Italian
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98DEB421-373E-50D1-2497-FF43E8F10C34}" = AMD Drag and Drop Transcoding
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B754908E-3C3A-893A-1C91-03FBA7D9C513}" = CCC Help Finnish
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2F5DEC2-F0E7-0E88-FCF8-22671AAA26A3}" = Catalyst Control Center Localization All
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4D6CF2F-4497-07B3-9748-66F5EDB3CAD0}" = CCC Help English
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CABD1746-37AE-BCF8-DC84-4FECAF6D54B7}" = CCC Help Czech
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D33C9F5F-D419-9023-A3D4-37270795321E}" = AMD Fuel
"{D6C67506-3B4E-C2F0-C3E1-3429BD30AB44}" = CCC Help Japanese
"{D886BB13-35A9-4BC8-501F-59E6FDA3D77C}" = CCC Help Portuguese
"{DC99E31C-B2F1-0B4B-5FE3-C3288FE1ED35}" = Catalyst Control Center Graphics Previews Common
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE0A5F59-BF33-C7AA-4085-14156F364B09}" = CCC Help Greek
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09A814D-1713-A0C5-D301-5D92C59942A2}" = CCC Help German
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE77405A-E228-9170-7C52-ED91905AC876}" = ccc-utility
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F00D2A31-91A7-E202-7D88-18244EB03926}" = CCC Help Danish
"{F1611587-EA33-4B20-BDFD-58EAD0A080BA}" = Magic Bullet Suite 32-bit
"{F19FCD9C-41D7-E1D8-A6BC-323965C89E4F}" = CCC Help Hungarian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCED93CA-D124-E9A6-500C-5DBFD284FB67}" = AMD Media Foundation Decoders
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface Service
"Astroburn Lite" = Astroburn Lite
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BabylonToolbar" = Babylon toolbar on IE
"Call of Duty Modern Warfare 3 (c) Activision_is1" = Call of Duty Modern Warfare 3 (c) Activision version 1
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"DarkSteam" = DarkSteam
"DivX Setup" = DivX-Setup
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"iLivid" = iLivid
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{F1611587-EA33-4B20-BDFD-58EAD0A080BA}" = Magic Bullet Suite 32-bit
"LOLReplay" = LOLReplay
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"PacSteamT" = PacSteamT
"PaintToolSAI" = PaintTool SAI Ver.1
"PowerISO" = PowerISO
"Steam App 23360" = FINAL FANTASY XI
"Steam App 32120" = Chainz 2: Relinked
"Steam App 32440" = Lego Star Wars Saga
"Steam App 32510" = Lego Star Wars 3: The Clone Wars
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 47850" = FIFA Manager 11
"Steam App 91310" = Dead Island
"Steam App 99830" = Crysis 2
"TuneUpMedia" = TuneUp Companion 2.4.2
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"VoipBuster_is1" = VoipBuster
"WinRAR archiver" = WinRAR 4.11 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1111964327-4217363313-2070244455-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         
--- --- ---

02.08.2012, 01:07   #10
ServerCrash

Sorry, double post *edited*

02.08.2012, 01:15   #11
markusg
/// Malware-holic

This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
PRC - D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
PRC - D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
PRC - D:\Users\Momo\AppData\Local\wscntfy.exe (Test3)
O4 - HKLM..\Run: [Windows Audio Device Graph Isolation] D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft® Windows®
Operating System)
O4 - HKLM..\Run: [Windows-Audio Driver] D:\ProgramData\wscntfy.exe (Test3)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Adobe(R) Updater] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft
Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Java(TM)Runtime] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft
Corp.)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows Audio Device Graph Isolation] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe
(Microsoft® Windows® Operating System)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Windows-Audio Driver] D:\Users\Momo\AppData\Local\wscntfy.exe (Test3)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = D:\Program Files\Common Files\lsmass.exe (Test3)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe
(Microsoft Corp.)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe
(Microsoft Corp.)
ActiveX: {1dfddf0d-6a31-11e1-8cbd-806e6f6e6963} - D:\ProgramData\wscntfy.exe -r
ActiveX: {9E090F62-4FE1-F6FB-971E-AC3ABBCEFA15} - D:\ProgramData\wscntfy.exe -r
 :Files
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe
D:\Users\Momo\AppData\Local\wscntfy.exe
D:\Program Files\Common Files\lsmass.exe
:Commands
[Reboot]
         


• Please close all programs now.
• Now click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file
here in the thread as an attachment!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload went through without problems. Thanks in advance.

For further analysis I need the following:
D:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click the cache folder, pack it with WinRAR or another program, and please upload it to the upload channel:
Trojaner-Board Upload Channel
When that is done, please report back.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
If you would like to support us
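
The fix script in this post targets the handful of persistence points the log exposes: HKLM and per-user Run keys, the policies\Explorer\Run key, the Winlogon UserInit chain and Active Setup Installed Components, all pointing at executables dressed up as Microsoft components (Drivers.exe, Runtime.exe, audiodh.exe, wscntfy.exe, lsmass.exe) but living in AppData, ProgramData or Common Files. The firewall section earlier in the same log shows the other half of the picture: inbound rules that let exactly those binaries, plus a codec_enum.exe in Temp, accept connections. The Python below is an added example, not code from the thread or from OTL, that automates the triage done by eye here: it parses OTL-style lines and flags entries whose binary sits in a user-writable location, borrows the name of a System32 binary or a lookalike of one, chains Winlogon UserInit to something other than userinit.exe, or claims a Microsoft vendor string while living outside \Windows. The sample lines are constructed to mirror entries from this log; the directory list, the System32-only set and the lookalike table are our own assumptions, not OTL data.

```python
"""Triage OTL log lines for the persistence and firewall patterns seen in this
thread. Added example, not code from the thread or from OTL; the sample lines
below are constructed to mirror entries from the posted log."""
import re
from dataclasses import dataclass, field

# Directories a standard user can write to. A "driver", a "Java runtime" or the
# Security Center notifier has no business living here. (Our list, an assumption.)
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\",
                 "\\users\\public\\", "\\temp\\")
# Binaries that only legitimately exist under System32. (Our set, an assumption.)
SYSTEM_ONLY = {"wscntfy.exe", "userinit.exe", "lsass.exe", "audiodg.exe", "svchost.exe"}
# Lookalike names from this log mapped to the Windows binary they imitate. (Our table.)
LOOKALIKES = {"lsmass.exe": "lsass.exe", "audiodh.exe": "audiodg.exe"}

PATH_RE = re.compile(r'[a-z]:\\[^()|"\[\]]*?\.exe', re.I)  # first drive-letter path ending in .exe
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")               # OTL's trailing "(Vendor)" field
APP_RE = re.compile(r"app=([^|]+)")                       # app= field of a firewall rule line
# A genuine Windows binary sits directly under <drive>:\Windows\. A substring test for
# "\Windows\" would be fooled by the ...\Microsoft\Windows\Drivers\ paths in this log.
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\")


@dataclass
class Finding:
    kind: str      # OTL section the line came from (O4, O6, O20, PRC, ActiveX, firewall)
    path: str      # executable the entry launches or allows through the firewall
    reasons: list = field(default_factory=list)


def _kind(line):
    if line.startswith('"') and "app=" in line and "dir=" in line:
        return "firewall"
    m = re.match(r"(O\d+|PRC|ActiveX)\b", line)
    return m.group(1) if m else None


def _path(line):
    m = APP_RE.search(line)
    if m:
        return m.group(1).strip()
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def inspect(line):
    """Return a Finding for one OTL line, or None when nothing looks off."""
    line = line.strip()
    kind = _kind(line)
    path = _path(line) if kind else None
    if not path:
        return None
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    if any(d in p for d in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    if name in SYSTEM_ONLY and "\\system32\\" not in p:
        reasons.append(f"{name} outside System32")
    if name in LOOKALIKES:
        reasons.append(f"name mimics {LOOKALIKES[name]}")
    if kind == "O20" and "UserInit" in line and name != "userinit.exe":
        reasons.append("Winlogon UserInit chained to a non-Windows binary")
    v = VENDOR_RE.search(line)
    if v and "microsoft" in v.group(1).lower() and not WINDOWS_DIR_RE.match(p):
        reasons.append("claims Microsoft vendor but lives outside \\Windows")
    return Finding(kind, path, reasons) if reasons else None


def triage(text):
    """Run inspect() over every line of an OTL log and keep the hits, in log order."""
    return [f for f in (inspect(ln) for ln in text.splitlines()) if f]


# Constructed sample, modelled on the entries in the posted log (paths shortened where harmless).
SAMPLE_LOG = r"""
PRC - D:\Users\Momo\AppData\Local\wscntfy.exe (Test3)
PRC - D:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKLM..\Run: [Windows Audio Device Graph Isolation] D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Windows-Audio Driver] D:\ProgramData\wscntfy.exe (Test3)
O4 - HKU\S-1-5-21-1111964327-4217363313-2070244455-1002..\Run: [Java(TM)Runtime] D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe (Microsoft Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = D:\Program Files\Common Files\lsmass.exe (Test3)
O20 - HKLM Winlogon: UserInit - (D:\Windows\System32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe) - D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe (Microsoft Corp.)
ActiveX: {9E090F62-4FE1-F6FB-971E-AC3ABBCEFA15} - D:\ProgramData\wscntfy.exe -r
"TCP Query User{D659AC1E-E75A-4785-91FB-F1385CFB7B71}D:\program files\common files\lsmass.exe" = protocol=6 | dir=in | app=d:\program files\common files\lsmass.exe |
"TCP Query User{3303048D-1EA8-426C-B9C0-D31C62F95FAC}D:\users\leonhard\appdata\local\temp\{3559e99b-f04a-bf09-5de2-b868eebacb6d}\codec_enum.exe" = protocol=6 | dir=in | app=d:\users\leonhard\appdata\local\temp\{3559e99b-f04a-bf09-5de2-b868eebacb6d}\codec_enum.exe |
"TCP Query User{8192980C-B562-4740-B9CB-5A0DC9988C35}D:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files\skype\phone\skype.exe |
"{E6C2752D-F479-4744-AF6F-2105EE9E4AA5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the nine hits are exactly the entries the fix script removes plus the firewall rules that served them, while Skype, the genuine userinit.exe and the %systemroot% svchost rule pass clean. The one design point worth noting is the vendor check: this malware drops its files under ...\Microsoft\Windows\... precisely so that a naive "does the path contain \Windows\" test passes, which is why the check anchors on the drive root instead.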

02.08.2012, 13:41   #12
ServerCrash


========== OTL ==========
Process Drivers.exe killed successfully!
Process Runtime.exe killed successfully!
Process wscntfy.exe killed successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Audio Device Graph Isolation scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows-Audio Driver scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
File move failed. D:\ProgramData\wscntfy.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe(R) Updater deleted successfully.
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Java(TM)Runtime deleted successfully.
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Audio Device Graph Isolation deleted successfully.
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Windows-Audio Driver deleted successfully.
D:\Users\Momo\AppData\Local\wscntfy.exe moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows-Network Component scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
File move failed. D:\Programme\Common Files\lsmass.exe scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
D:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1dfddf0d-6a31-11e1-8cbd-806e6f6e6963}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dfddf0d-6a31-11e1-8cbd-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1dfddf0d-6a31-11e1-8cbd-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dfddf0d-6a31-11e1-8cbd-806e6f6e6963}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9E090F62-4FE1-F6FB-971E-AC3ABBCEFA15}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E090F62-4FE1-F6FB-971E-AC3ABBCEFA15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9E090F62-4FE1-F6FB-971E-AC3ABBCEFA15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E090F62-4FE1-F6FB-971E-AC3ABBCEFA15}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.55.0 log created on 08022012_132950


I hope this is the right document

PS: I've already uploaded the "MovedFiles.rar"^^

In case you need the name, it's called "MovedFiles.rar_1"

Last edited by ServerCrash (02.08.2012 at 13:46)
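As an added example (not part of the thread and not from the OTL tool), the following Python parses the line shapes in the OTL fix log above and groups them into the persistence points a responder re-checks after the reboot: Run values, the Winlogon UserInit hijack, binaries dropped under user-writable paths, and actions OTL deferred to the next reboot. The regexes only model the line formats visible in this log, and the sample lines are copied from it.

```python
import re
# Line shapes exactly as they appear in the OTL fix log posted above.
REG_VALUE_RE = re.compile(
    r"^(?:Registry value |Registry delete failed\. )(?P<key>HKEY_.+?)\\\\(?P<name>.+?) "
    r"(?P<status>deleted successfully|scheduled to be deleted on reboot)\.$")
REG_KEY_RE = re.compile(
    r"^Registry (?:key |delete failed\. )(?P<key>HKEY_.+?)\\? "
    r"(?P<status>deleted successfully|not found|scheduled to be deleted on reboot)\.$")
FILE_RE = re.compile(
    r"^(?:File move failed\. )?(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<status>moved successfully|scheduled to be moved on reboot)\.$")
USER_WRITABLE = ("\\AppData\\", "\\ProgramData\\")  # writable without admin rights

def parse_line(line):
    """Return (kind, target, pending_reboot) for a modelled OTL line, else None."""
    for kind, rx in (("reg_value", REG_VALUE_RE), ("reg_key", REG_KEY_RE), ("file", FILE_RE)):
        m = rx.match(line)
        if m:
            target = m["path"] if kind == "file" else m["key"]
            if kind == "reg_value":
                target += "\\\\" + m["name"]  # keep OTL's key\\value notation
            return kind, target, "reboot" in m["status"]
    return None

def summarize(lines):
    """Sort the events into the categories worth verifying after the reboot."""
    out = {"run_entries": [], "userinit_hijacks": [], "user_writable_files": [], "pending_reboot": []}
    for ev in filter(None, map(parse_line, lines)):
        kind, target, pending = ev
        if pending:  # OTL could not act now; confirm it is gone after restart
            out["pending_reboot"].append(target)
        if kind == "reg_value":
            key, name = target.split("\\\\", 1)
            if key.endswith("\\Winlogon"):  # UserInit pointing at a dropped binary
                out["userinit_hijacks"].append(name.partition(":")[2] or name)
            elif key.endswith("\\Run"):     # HKCU/HKLM Run and policies\Explorer\Run
                out["run_entries"].append(name)
        elif kind == "file" and any(p in target for p in USER_WRITABLE):
            out["user_writable_files"].append(target)
    return out

# Sample lines copied from the OTL fix log in this thread.
SAMPLE_LOG = r"""
Registry value HKEY_USERS\S-1-5-21-1111964327-4217363313-2070244455-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Java(TM)Runtime deleted successfully.
D:\Users\Momo\AppData\Roaming\Microsoft\Windows\Java\Runtime.exe moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows-Network Component scheduled to be deleted on reboot.
File move failed. D:\Programme\Common Files\lsmass.exe scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:\Users\Leonhard\AppData\Roaming\Microsoft\Windows\Drivers\Drivers.exe scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dfddf0d-6a31-11e1-8cbd-806e6f6e6963}\ not found.
""".strip().splitlines()
```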

Old 02.08.2012, 14:17   #13
markusg
/// Malware-holic

Thanks, please also upload the cache folder to the upload channel.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 02.08.2012, 14:49   #14
ServerCrash

Which cache folder?
I don't know what you mean, sorry^^
Where can it be found?

Old 02.08.2012, 15:26   #15
markusg
/// Malware-holic

For a further analysis I need the following.
D:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click on the cache folder, pack it with WinRAR or another program, and upload it to the upload channel, please.
Trojaner-Board Upload Channel
When this is done, please report back.
