
Log Analysis and Evaluation: Cyber Crime Investigation Department Virus

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
01.09.2012, 16:42   #1
Reb0rn
 

Cyber Crime Investigation Department Virus



Hello, my brother has also been hit by the virus.
Please help.

I scanned his system with OTLPENet.exe and this is the result

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 9/1/2012 6:27:15 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 119.24 Gb Total Space | 17.68 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 702.57 Gb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/06/03 20:41:40 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto] -- D:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/12/02 23:18:12 | 000,204,288 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/29 01:34:34 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 10:25:11 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 07:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/14 11:48:57 | 000,076,888 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/01 19:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 18:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/07 22:23:00 | 004,109,472 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- D:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/02/22 06:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/22 06:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 12:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- D:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/03 07:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/02 09:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 04:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/24 18:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/03 01:51:40 | 010,588,160 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/02 22:22:06 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/28 23:40:57 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/28 23:40:56 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/14 23:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/01/17 10:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Lycosa.sys -- (Lycosa)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Martin_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\Martin_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\Martin_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 A0 48 B9 38 88 CD 01  [binary data]
IE - HKU\Martin_ON_D\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - Reg Error: Key error. File not found
IE - HKU\Martin_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Martin_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_265.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0: D:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: D:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: D:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF: D:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/31 04:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/06/19 15:00:54 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/31 04:57:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:54:08 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 04:57:02 | 000,002,465 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:54:08 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/20 21:54:08 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/20 21:54:08 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/20 21:54:08 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - D:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - D:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] D:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Martin_ON_D..\Run: [AdobeBridge]  File not found
O4 - HKU\Martin_ON_D..\Run: [Akamai NetSession Interface]  File not found
O4 - HKU\Martin_ON_D..\Run: [RocketDock] D:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/01 08:10:26 | 000,000,000 | ---D | C] -- D:\Users\Martin\AppData\Roaming\Malwarebytes
[2012/09/01 08:09:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/01 08:09:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2012/09/01 08:09:55 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/01 08:09:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2012/09/01 08:09:19 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Users\Martin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/29 13:09:00 | 000,000,000 | ---D | C] -- D:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATI Tray Tools
[2012/08/29 12:52:04 | 000,000,000 | ---D | C] -- D:\Users\Martin\AppData\Roaming\atitray
[2012/08/29 12:52:01 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Ray Adams
[2012/08/21 06:24:01 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Java
[2012/08/21 06:23:53 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Oracle
[2012/08/21 06:23:47 | 000,227,760 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaws.exe
[2012/08/21 06:23:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaw.exe
[2012/08/21 06:23:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\java.exe
[2012/08/21 06:23:42 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Java
[2012/08/20 13:53:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012/08/20 13:53:37 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Cheat Engine 6.2
[2012/08/20 05:42:04 | 000,000,000 | ---D | C] -- D:\Users\Martin\Documents\ArmA 2 Other Profiles
[2012/08/15 21:01:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/08/15 21:01:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/08/15 21:01:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/08/15 21:01:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/08/15 21:01:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/08/15 21:01:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/08/15 21:01:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 21:01:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/08/15 21:01:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/08/15 21:01:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012/08/15 21:01:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 21:01:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2012/08/15 21:01:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/08/15 21:01:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2012/08/15 19:44:36 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/08/15 15:52:43 | 000,000,000 | ---D | C] -- D:\Users\Martin\AppData\Local\SIX_Projects
[2012/08/15 15:43:27 | 000,000,000 | ---D | C] -- D:\Users\Martin\AppData\Roaming\six-updater
[2012/08/15 15:43:21 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2012/08/15 03:19:21 | 000,751,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32spl.dll
[2012/08/15 03:19:21 | 000,503,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\srcore.dll
[2012/08/15 03:19:20 | 000,956,928 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\localspl.dll
[2012/08/15 03:19:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\win32spl.dll
[2012/08/15 03:19:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\netapi32.dll
[2012/08/15 03:19:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\splwow64.exe
[2012/08/15 03:19:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\browcli.dll
[2012/08/15 03:19:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\browcli.dll
[2012/08/14 07:44:35 | 000,000,000 | ---D | C] -- D:\ProgramData\TERA
[2012/08/11 20:18:58 | 000,000,000 | ---D | C] -- D:\Users\Martin\Desktop\Plugins
[2012/08/11 19:57:31 | 000,000,000 | ---D | C] -- D:\Users\Martin\Desktop\Welten
[2012/08/10 14:22:22 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/09 07:39:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/08/06 16:15:09 | 000,000,000 | ---D | C] -- D:\Users\Martin\AppData\Local\mcpatcher
[2012/08/06 15:32:43 | 000,000,000 | ---D | C] -- D:\Users\Martin\Desktop\Bukkit
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/01 11:16:44 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/09/01 11:16:09 | 004,503,728 | ---- | M] () -- D:\ProgramData\nud0repor.pad
[2012/09/01 11:08:41 | 000,022,080 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 11:08:41 | 000,022,080 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 11:01:51 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/01 11:01:28 | 2078,801,919 | -HS- | M] () -- D:\hiberfil.sys
[2012/09/01 08:42:00 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/01 08:24:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/01 08:09:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/01 08:06:24 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Users\Martin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/09/01 07:55:46 | 000,001,889 | ---- | M] () -- D:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/29 01:34:34 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/29 01:34:34 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/28 06:15:29 | 000,283,304 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/28 06:15:29 | 000,283,304 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2012/08/26 14:27:28 | 000,283,304 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/23 09:47:32 | 000,001,528 | ---- | M] () -- D:\Users\Martin\Desktop\DayZ.lnk
[2012/08/21 06:23:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\javaw.exe
[2012/08/21 06:23:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\java.exe
[2012/08/20 13:53:38 | 000,001,089 | ---- | M] () -- D:\Users\Martin\Desktop\Cheat Engine.lnk
[2012/08/20 13:53:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012/08/16 02:48:54 | 000,000,000 | ---- | M] () -- D:\Users\Martin\Documents\ts3_clientui-win64-1343657352-2012-08-16 08_48_54.241368.dmp
[2012/08/15 21:17:33 | 005,036,904 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/08/15 19:44:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/08/15 15:43:21 | 000,002,573 | ---- | M] () -- D:\Users\Public\Desktop\Six Updater.lnk
[2012/08/15 15:43:21 | 000,002,573 | ---- | M] () -- D:\Users\Public\Desktop\Six Launcher.lnk
[2012/08/15 15:43:21 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2012/08/15 13:35:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/08/12 16:29:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CraftBukkit
[2012/08/10 14:22:22 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/09 09:04:13 | 000,001,622 | ---- | M] () -- D:\Users\Public\Desktop\Bukkit Operator Panel.lnk
[2012/08/09 07:39:51 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/09 07:39:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/08/06 16:58:21 | 001,624,358 | ---- | M] () -- D:\Users\Martin\Desktop\mcpatcher-2.4.1_01.exe
 
========== Files Created - No Company Name ==========
 
[2012/09/01 07:55:46 | 004,503,728 | ---- | C] () -- D:\ProgramData\nud0repor.pad
[2012/09/01 07:55:46 | 000,001,889 | ---- | C] () -- D:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/23 08:42:34 | 000,001,528 | ---- | C] () -- D:\Users\Martin\Desktop\DayZ.lnk
[2012/08/20 13:53:38 | 000,001,089 | ---- | C] () -- D:\Users\Martin\Desktop\Cheat Engine.lnk
[2012/08/16 02:48:54 | 000,000,000 | ---- | C] () -- D:\Users\Martin\Documents\ts3_clientui-win64-1343657352-2012-08-16 08_48_54.241368.dmp
[2012/08/15 15:43:21 | 000,002,573 | ---- | C] () -- D:\Users\Public\Desktop\Six Updater.lnk
[2012/08/15 15:43:21 | 000,002,573 | ---- | C] () -- D:\Users\Public\Desktop\Six Launcher.lnk
[2012/08/09 09:04:13 | 000,001,622 | ---- | C] () -- D:\Users\Public\Desktop\Bukkit Operator Panel.lnk
[2012/08/06 16:58:16 | 001,624,358 | ---- | C] () -- D:\Users\Martin\Desktop\mcpatcher-2.4.1_01.exe
[2012/06/01 07:51:41 | 001,589,442 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/14 11:42:03 | 000,283,304 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2012/05/14 11:42:02 | 002,580,552 | ---- | C] () -- D:\Windows\SysWow64\pbsvc.exe
[2012/05/14 11:42:02 | 000,076,888 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2012/05/01 14:10:35 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2012/05/01 14:09:27 | 000,204,960 | ---- | C] () -- D:\Windows\SysWow64\ativvsvl.dat
[2012/05/01 14:09:27 | 000,157,152 | ---- | C] () -- D:\Windows\SysWow64\ativvsva.dat
[2012/05/01 14:09:27 | 000,003,917 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2012/05/01 14:01:45 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2012/05/01 14:01:44 | 013,359,616 | ---- | C] () -- D:\Windows\SysWow64\ig4icd32.dll
[2012/05/01 14:01:44 | 000,963,116 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin
[2012/05/01 14:01:44 | 000,218,304 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin
[2012/05/01 14:01:44 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin
[2011/12/02 22:28:12 | 000,069,632 | ---- | C] () -- D:\Windows\SysWow64\amdave32.dll
[2011/12/02 16:19:48 | 000,059,904 | ---- | C] () -- D:\Windows\SysWow64\OpenVideo.dll
[2011/12/02 16:19:36 | 000,054,784 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012/07/22 16:02:29 | 000,000,000 | ---D | M] -- D:\ProgramData\2DBoy
[2012/05/01 13:54:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/05/15 18:28:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2012/05/01 13:54:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/05/14 11:32:11 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/05/14 15:00:12 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Logs
[2012/05/14 11:32:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2012/05/15 11:32:15 | 000,000,000 | ---D | M] -- D:\ProgramData\EPSON
[2012/05/01 13:54:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/06/10 11:39:29 | 000,000,000 | ---D | M] -- D:\ProgramData\FileOpen
[2012/06/10 11:39:22 | 000,000,000 | ---D | M] -- D:\ProgramData\Nitro PDF
[2012/08/17 10:50:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2012/05/26 17:26:25 | 000,000,000 | ---D | M] -- D:\ProgramData\PACE Anti-Piracy
[2012/08/31 11:22:56 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2012/05/28 07:36:55 | 000,000,000 | ---D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2012/05/29 11:12:37 | 000,000,000 | ---D | M] -- D:\ProgramData\SplitMediaLabs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/05/01 13:54:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/07/29 15:45:05 | 000,000,000 | ---D | M] -- D:\ProgramData\TechSmith
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/08/14 07:44:35 | 000,000,000 | ---D | M] -- D:\ProgramData\TERA
[2012/05/15 10:48:16 | 000,000,000 | ---D | M] -- D:\ProgramData\UDL
[2012/05/01 13:54:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/07/24 14:52:11 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1241 bytes -> D:\Users\Martin\AppData\Local:45weHEocjinorlA2IdGY13
< End of report >



It did not create an Extra.txt file on his system.

Regards, Reborn

 
