Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner: cyber crime investigation department

Trojaner: cyber crime investigation department


Log-Analyse und Auswertung: Trojaner: cyber crime investigation department

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 18.09.2012, 14:18   #1
normalootto
 
Trojaner: cyber crime investigation department - Standard

Trojaner: cyber crime investigation department


Hallo!

Ich habe mir den Trojaner eingefangen, bei dem eine Seite erscheint, dass man gegen irgendwelche Gesetze verstoßen hätte und man 100€ zahlen muss. Dabei ist kein Zugriff auf den Laptop möglich.

Ich habe bereits mit spyware versucht das Problem zu lösen, hat aber nicht geklappt.

Deshalb hier also die gewünschten txt-Dateien.

Danke schon mal für die Hilfe!


Hier die OTL (Ich hoffe, dass das in dieser Form so passt):

OTL logfile created on: 18.09.2012 14:18:43 - Run 1
OTL by OldTimer - Version 3.2.63.0 Folder = C:\Users\Tina\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1014,12 Mb Total Physical Memory | 518,73 Mb Available Physical Memory | 51,15% Memory free
1,99 Gb Paging File | 1,54 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,06 Gb Total Space | 34,04 Gb Free Space | 36,57% Space Free | Partition Type: NTFS

Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.18 14:04:50 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010.06.19 23:22:42 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\Tina\Desktop\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.16 04:40:00 | 002,368,912 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Stopped] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.16 15:37:38 | 000,264,704 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010.05.24 17:30:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.11.06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.01.11 13:20:56 | 000,202,360 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006.11.13 14:11:54 | 000,136,736 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tina\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.06.28 17:36:14 | 000,073,216 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.19 10:52:19 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011.12.19 10:52:19 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011.12.19 10:52:19 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011.12.19 10:52:18 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2008.10.27 14:57:28 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.08.03 06:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.03.07 03:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2007.01.26 21:55:32 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.01.26 21:55:26 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007.01.26 21:55:08 | 000,069,168 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SI3112.sys -- (SI3112)
DRV - [2006.10.19 18:19:08 | 000,010,216 | R--- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006.10.12 20:37:14 | 000,038,952 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006.09.19 15:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005.12.29 17:33:40 | 000,235,008 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2002.11.28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IcdUsb2.sys -- (ICDUSB2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 22 20 AA 28 68 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=3127&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=113480&tt=090812_clr_3212_3&babsrc=SP_ss&mntrId=f4d138ff0000000000000002c780c560
IE - HKCU\..\SearchScopes\{297B1E78-84E8-4382-97AC-7EE5027551CE}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10397&locale=de_AT&apn_uid=c5b06da4-b2c8-41a0-9647-5a0499614ad4&apn_ptnrs=%5EABV&apn_sauid=34B18C2F-395B-4542-86B9-ADF271FA5D09&apn_dtid=%5EYYYYYY%5EYY%5EAT&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.10 14:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.10 14:37:43 | 000,000,000 | ---D | M]

[2009.11.18 11:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2012.08.27 10:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3d1mk27p.default\extensions
[2009.11.18 11:03:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3d1mk27p.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.08.03 15:50:05 | 000,001,210 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3d1mk27p.default\searchplugins\search.xml
[2012.08.10 14:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.11 16:13:18 | 000,006,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C8B73157-8752-429E-A465-3F361C76AE89} https://shop.hofer-fotos-druck.at/shop/activex/aldi_at_express_upload.cab (AldiAtActiveFormX Element)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1330879B-1724-4B65-8809-1AE435FDB3FE}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE05107-31EB-44EE-A210-A2A792311E74}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE21E4DC-9B7C-453E-AFC3-89B50A18E8E1}: NameServer = 194.24.128.100 81.3.216.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCE8F952-8A56-4EC5-BD76-49D70508313D}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{441854db-2a1e-11e1-b2ba-00014a9dfd75}\Shell - "" = AutoRun
O33 - MountPoints2\{441854db-2a1e-11e1-b2ba-00014a9dfd75}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{441854e9-2a1e-11e1-b2ba-00014a9dfd75}\Shell - "" = AutoRun
O33 - MountPoints2\{441854e9-2a1e-11e1-b2ba-00014a9dfd75}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.18 14:17:05 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2012.09.15 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Krems. Kahlenberg, Garten mit Hugo, Christa & Tante Resi
[2012.08.30 10:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.30 10:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.08.30 10:20:37 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

========== Files - Modified Within 30 Days ==========

[2012.09.18 14:18:20 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.18 14:18:20 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.18 14:18:20 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.18 14:18:20 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.18 14:17:50 | 000,000,000 | ---- | M] () -- C:\Users\Tina\defogger_reenable
[2012.09.18 14:14:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.18 14:14:00 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.18 14:05:52 | 000,302,592 | ---- | M] () -- C:\Users\Tina\Desktop\qwg37ikj.exe
[2012.09.18 14:04:50 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2012.09.18 14:03:40 | 000,050,477 | ---- | M] () -- C:\Users\Tina\Desktop\Defogger.exe
[2012.09.18 13:52:56 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 13:52:56 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 13:52:42 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.18 11:40:46 | 000,001,321 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Netzwerk Server.lnk
[2012.09.12 13:06:11 | 000,001,893 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.30 10:20:38 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.23 11:05:15 | 002,279,936 | ---- | M] () -- C:\Users\Tina\Desktop\Scrap.shs

========== Files Created - No Company Name ==========

[2012.09.18 14:17:50 | 000,000,000 | ---- | C] () -- C:\Users\Tina\defogger_reenable
[2012.09.18 14:17:08 | 000,050,477 | ---- | C] () -- C:\Users\Tina\Desktop\Defogger.exe
[2012.09.18 14:17:02 | 000,302,592 | ---- | C] () -- C:\Users\Tina\Desktop\qwg37ikj.exe
[2012.09.12 13:06:11 | 000,001,893 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.12 13:05:47 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.08.30 10:20:38 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.23 11:04:17 | 002,279,936 | ---- | C] () -- C:\Users\Tina\Desktop\Scrap.shs
[2012.08.02 13:43:52 | 000,003,584 | ---- | C] () -- C:\Users\Tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.28 17:38:25 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WkDos.exe
[2011.07.25 12:16:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.25 12:14:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.11.07 20:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.11.07 20:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.11.07 20:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.11.07 20:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.11.07 20:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.11.07 20:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.11.07 20:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.11.07 20:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.11.07 20:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.11.07 20:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.11.07 20:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.11.07 20:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.11.07 20:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.11.07 20:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.11.07 20:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.11.07 20:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.11.07 20:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.11.07 20:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.11.07 20:30:14 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.11.07 20:29:21 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw7c.bin
[2010.11.07 20:28:33 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V500DEFGIPSRUk.ini
[2010.10.07 12:15:43 | 000,122,880 | ---- | C] () -- C:\Windows\System32\trc.dll
[2010.10.07 12:15:00 | 000,124,264 | R--- | C] () -- C:\Windows\System32\mp3dec.dll
[2010.10.07 12:15:00 | 000,010,600 | R--- | C] () -- C:\Windows\System32\IcdSptSvps.dll
[2010.10.07 12:14:59 | 000,081,920 | R--- | C] () -- C:\Windows\System32\dsp_trc.dll
[2010.09.27 11:43:40 | 000,074,220 | ---- | C] () -- C:\Windows\hpqins16.dat
[2010.04.26 21:03:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2011.11.17 07:38:39 | 000,002,048 | -HS- | M] () -- C:\Users\Tina\AppData\Local\{a3217515-756b-ada8-93d0-50547a381930}\@
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012.08.11 16:13:07 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Babylon
[2012.08.11 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BabylonToolbar
[2012.09.17 15:28:49 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BitTorrent
[2012.09.18 13:52:13 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Dropbox
[2010.11.07 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\EPSON
[2012.06.28 18:50:18 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Graphisoft
[2010.04.24 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Infineon
[2010.11.04 10:10:35 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

 

Themen zu Trojaner: cyber crime investigation department
adobe, antivir, autorun, avira, avira searchfree toolbar, bho, crime, defender, explorer, firefox, format, google, logfile, netzwerk, object, opera, pdfforge toolbar, plug-in, problem, programme, registry, scan, senden, software, spyware, temp, trojaner, windows


« Avast meldet 3 Archivbomben | Trojan.0Access / Trojan.Sirefef / TR/Crypt.XPACK.Gen »


Ähnliche Themen: Trojaner: cyber crime investigation department


  1. Cyber Crime Investigation Department Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 02.11.2014 (3)
  2. Cyber Crime Investigation Department trojaner
    Mülltonne - 01.11.2014 (1)
  3. Cyber crime investigation department - Trojaner
    Log-Analyse und Auswertung - 13.01.2013 (13)
  4. polizei cyber crime investigation department trojaner
    Log-Analyse und Auswertung - 23.12.2012 (14)
  5. Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (2)
  6. Cyber Crime Investigation Department
    Log-Analyse und Auswertung - 13.11.2012 (11)
  7. Cyber Crime Investigation Department - OTL-txt
    Log-Analyse und Auswertung - 24.10.2012 (13)
  8. Cyber Crime Investigation Department-Trojaner
    Log-Analyse und Auswertung - 24.10.2012 (19)
  9. Cyber Crime Investigation Department Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (13)
  10. cyber crime investigation department
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (16)
  11. Trojaner - Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (12)
  12. Trojaner: Cyber crime investigation department
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (7)
  13. Trojaner - Cyber Crime Investigation Department Österreich
    Log-Analyse und Auswertung - 17.09.2012 (12)
  14. Cyber Crime Investigation Department Österreich - Trojaner
    Log-Analyse und Auswertung - 15.09.2012 (34)
  15. Cyber Crime Investigation Department Trojaner
    Log-Analyse und Auswertung - 06.09.2012 (12)
  16. Cyber Crime Investigation Department Trojaner
    Log-Analyse und Auswertung - 02.09.2012 (11)
  17. Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 31.08.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner: cyber crime investigation department - Hallo! Ich habe mir den Trojaner eingefangen, bei dem eine Seite erscheint, dass man gegen irgendwelche Gesetze verstoßen hätte und man 100€ zahlen muss. Dabei ist kein Zugriff auf den - Trojaner: cyber crime investigation department...
Archiv
Du betrachtest: Trojaner: cyber crime investigation department auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19