Bundespolizei Trojaner - "Ihr Computer wurde gesperrt!" (Your computer has been locked!) + OTL error (The event log file is corrupted.)

21.08.2012, 20:10 | #1

Hello, I too have now fallen victim to this Trojan. Here is the Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
bubbah :: BUBBAH-F8E574E1 [administrator]

21.08.2012 19:25:10
mbam-log-2012-08-21 (20-11-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442858
Time elapsed: 45 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 1
C:\nmr92.bin (Trojan.SpyEyes) -> No action taken.

Files Detected: 7
C:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\WINDOWS\system32\ctfmon.exe (Trojan.FakeMS) -> No action taken.
C:\WINDOWS.0\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\Documents and Settings\Ardian\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS.0\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
C:\Documents and Settings\bubbah\0.5678323600973288.exe (Exploit.Drop.UR.2) -> No action taken.
C:\Documents and Settings\bubbah\Application Data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.

(end)

Win32 Error. Code: 1500. The event log file is corrupted.

I have attached the corresponding screenshot. Unfortunately I also found nothing on the Internet to solve this problem. Here is the OTL log:

OTL.txt
Code:
OTL logfile created on: 21.08.2012 20:53:12 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 92,04% Memory free
5,34 Gb Paging File | 5,24 Gb Available in Paging File | 98,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 39,46 Gb Free Space | 26,48% Space Free | Partition Type: NTFS

Computer Name: BUBBAH-F8E574E1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (xpsec) -- C:\WINDOWS.0\system32\drivers\xpsec.sys File not found
DRV - (xcpip) -- C:\WINDOWS.0\system32\drivers\xcpip.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EuMusDesignVirtualAudioCableWdm_s2x) -- system32\DRIVERS\vacs2xkd.sys File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS.0\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS.0\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS.0\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LUsbFilt) -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (atksgt) -- C:\WINDOWS.0\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS.0\system32\drivers\lirsgt.sys ()
DRV - (ati2mtag) -- C:\WINDOWS.0\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\WINDOWS.0\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (ssmdrv) -- C:\WINDOWS.0\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (WUSB54GCv3) -- C:\WINDOWS.0\system32\drivers\WUSB54GCv3.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atapi) -- C:\WINDOWS.0\system32\drivers\atapi.sys ()
DRV - (nvnetbus) -- C:\WINDOWS.0\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS.0\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS.0\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (AmdPPM) -- C:\WINDOWS.0\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (LVPr2Mon) -- C:\WINDOWS.0\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS.0\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS.0\system32\drivers\Lvckap.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS.0\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\WINDOWS.0\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS.0\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (ASPI) -- C:\WINDOWS.0\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (irsir) -- C:\WINDOWS.0\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-1060284298-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-839522115-1060284298-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS.0\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.21 10:47:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.22 05:42:34 | 000,000,000 | ---D | M]

[2011.11.27 02:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.21 10:47:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.23 19:42:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 19:42:15 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-18..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-20..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1060284298-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DDC40D9-5538-49AC-91DC-5E7DDC6ED235}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{119145B6-08E0-4905-BA54-9F548BEFFD75}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS.0\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.05 17:13:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.21 19:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.21 19:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
[2012.08.21 19:23:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2012.08.21 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.21 19:20:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL(1).exe
[2012.08.21 19:13:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS.0\CSC
[2012.08.21 18:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\igpwcyiyqxzevxn
[2012.08.15 05:04:06 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\localspl.dll
[2012.08.15 05:04:03 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\netapi32.dll
[2012.08.15 05:04:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\browser.dll
[2012.08.09 00:09:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.09 00:09:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Common Files
[2012.08.08 23:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Avira
[2012.08.08 23:03:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\ssmdrv.sys
[2012.08.08 23:03:16 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avipbb.sys
[2012.08.08 23:03:16 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntflt.sys
[2012.08.08 23:03:16 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avkmgr.sys
[2012.08.08 23:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.08.08 23:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
[9 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[5 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.21 20:53:55 | 000,433,224 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2012.08.21 20:53:55 | 000,067,798 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2012.08.21 20:49:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012.08.21 19:23:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 18:53:05 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\joxbzhknwkmleyj
[2012.08.21 18:52:59 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\btneuzoq.exe
[2012.08.21 18:27:00 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012.08.19 23:14:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL(1).exe
[2012.08.15 21:40:31 | 000,139,648 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2012.08.15 06:20:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS.0\imsins.BAK
[2012.08.15 04:27:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerApp.exe
[2012.08.15 04:27:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerCPLApp.cpl
[2012.08.14 22:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2012.08.13 01:42:07 | 000,001,230 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[9 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[5 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.21 19:23:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 18:53:05 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\btneuzoq.exe
[2012.08.21 18:53:00 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\joxbzhknwkmleyj
[2012.08.15 06:18:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS.0\imsins.BAK
[2012.02.16 06:43:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012.01.30 21:49:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[2011.04.14 17:47:10 | 000,281,760 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\atksgt.sys
[2011.04.14 17:47:09 | 000,025,888 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\lirsgt.sys
[2010.11.05 22:52:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\System32\Access.dat
[2010.10.04 05:54:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS.0\System32\ezsidmv.dat
[2010.09.28 10:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\HMHud.INI
[2010.09.06 07:41:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS.0\AviSplitter.INI
[2010.09.02 21:03:36 | 000,023,008 | -H-- | C] () -- C:\WINDOWS.0\System32\mlfcache.dat
[2010.08.30 21:41:20 | 000,004,857 | ---- | C] () -- C:\WINDOWS.0\Ascd_tmp.ini
[2010.08.30 21:41:19 | 000,010,288 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\ASUSHWIO.SYS
[2010.08.30 20:31:50 | 000,219,348 | ---- | C] () -- C:\WINDOWS.0\System32\atiicdxx.dat
[2010.08.30 20:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\ativpsrm.bin
[2010.08.30 20:19:10 | 000,003,948 | R--- | C] () -- C:\WINDOWS.0\System32\drivers\nvphy.bin
[2010.08.30 20:15:09 | 000,004,249 | ---- | C] () -- C:\WINDOWS.0\ODBCINST.INI
[2010.08.30 20:13:23 | 000,165,376 | ---- | C] () -- C:\WINDOWS.0\System32\unrar.dll
[2010.08.30 20:12:38 | 000,139,648 | ---- | C] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2010.08.30 19:27:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\nsreg.dat
[2010.08.30 19:25:32 | 000,887,724 | ---- | C] () -- C:\WINDOWS.0\System32\ativva6x.dat
[2010.08.30 19:25:32 | 000,000,003 | ---- | C] () -- C:\WINDOWS.0\System32\ativva5x.dat
[2010.08.30 19:10:54 | 000,015,312 | R--- | C] () -- C:\WINDOWS.0\System32\RaCoInst.dat
[2010.08.30 19:02:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS.0\bootstat.dat
[2010.08.30 18:53:14 | 000,235,008 | ---- | C] () -- C:\WINDOWS.0\System32\psisdecd.dll
[2010.08.30 18:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS.0\System32\emptyregdb.dat
[2010.08.30 18:37:13 | 000,020,992 | ---- | C] () -- C:\WINDOWS.0\System32\CabTool.exe
[2010.08.29 23:54:53 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\hngmfc.dat

========== LOP Check ==========

[2012.04.09 14:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HEM Data
[2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.07.11 18:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010.08.02 16:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010.06.24 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010.06.21 11:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010.06.08 11:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.07.11 13:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2010.06.05 19:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2010.06.16 19:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.08 11:30:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.11.09 20:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Boss Media
[2012.08.09 00:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Common Files
[2012.05.04 15:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\id Software
[2012.08.21 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\igpwcyiyqxzevxn
[2012.02.18 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Nitro PDF
[2012.08.09 00:18:58 |
000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TechSmith [2012.08.09 00:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TuneUp Software [2010.11.05 05:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Tunngle [2010.09.03 04:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\XHEO INC [2011.09.14 14:08:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2012.08.09 00:09:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2010.08.30 19:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.08.30 20:34:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.16 05:06:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Ardian\Application Data\.# [2010.08.28 23:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\HEM Data [2010.07.11 18:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\id Software [2010.06.05 17:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\Opera [2010.07.04 04:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\postgresql [2010.06.11 02:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\RayV [2010.08.15 03:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\TeamViewer [2010.06.21 02:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\TS3Client [2010.06.08 11:31:11 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Ardian\Application Data\TuneUp Software [2010.07.13 01:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\Tunngle [2010.08.28 02:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\uTorrent [2011.04.14 17:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Absolute Poker [2012.02.18 16:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Downloaded Installations [2011.04.01 22:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\DVDVideoSoftIEHelpers [2011.07.15 19:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Garena [2011.01.24 22:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\GetRightToGo [2011.04.07 21:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\HEM Data [2012.04.12 18:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\HoldemManager [2011.10.31 23:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\id Software [2011.09.12 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Leadertech [2011.05.25 20:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\LolClient [2012.02.18 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Nitro PDF [2011.05.17 06:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Notepad++ [2010.12.02 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\OpenOffice.org [2010.08.30 19:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Opera [2012.08.21 19:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Orbit [2010.09.28 10:38:05 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\postgresql [2011.02.18 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Program Files [2012.03.29 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\ProgSense [2012.04.12 18:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Roaming [2012.03.07 16:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TeamViewer [2012.08.09 01:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TS3Client [2012.08.09 00:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TuneUp Software [2010.11.05 05:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Tunngle [2012.08.19 23:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\uTorrent [2010.06.05 17:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\uTorrent [2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User.WINDOWS.0\Application Data\uTorrent [2011.09.21 14:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software [2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\postgres\Application Data\uTorrent ========== Purity Check ========== < End of report > Vielen Dank für die Hilfe. MFG |
21.08.2012, 22:06 | #2 |
/// Malware-holic | hi
you're using an illegal Windows version (antiwpa.dll), so the only help you'll get here is with a clean reinstall: the PC has to be set up from scratch and then secured.
1. Data recovery:
I will also post further points on this.
4. Change all passwords!
5. After the PC has been secured, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + StarMoney.
|
21.08.2012, 22:50 | #3 |
| Well, that's off to a good start. As soon as I try to install TweakUI I get the attached error messages. Choosing 'Ignore' doesn't help either. I'm in Safe Mode with Networking. Thanks again for your efforts. |
22.08.2012, 17:28 | #4 |
/// Malware-holic | then disable autorun manually
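The manual alternative to the TweakUI route, as an added example that is not from the thread: a PowerShell script that sets the documented AutoRun policy values (NoDriveTypeAutoRun = 0xFF covers every drive type, HonorAutorunSetting is the flag Windows XP needs after Microsoft's AutoRun fix, and the IniFileMapping entry makes Windows ignore Autorun.inf files altogether) and then reads them back. The registry paths are the standard policy locations; the function names are my own.

```powershell
# Added example (not from the thread): disable AutoRun/AutoPlay through the
# registry values Microsoft documents for this, then verify the result.
# Requires an elevated (administrator) PowerShell session.

$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$iniMapping     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'

function Disable-AutoRun {
    if (-not (Test-Path $explorerPolicy)) { New-Item -Path $explorerPolicy -Force | Out-Null }
    # 0xFF sets the bit for every drive type, so AutoRun is off on all of them.
    Set-ItemProperty -Path $explorerPolicy -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    # Windows XP only honours NoDriveTypeAutoRun once this flag is set.
    Set-ItemProperty -Path $explorerPolicy -Name 'HonorAutorunSetting' -Value 1 -Type DWord

    # Map Autorun.inf to a non-existent INI section: Windows then never parses
    # the file, independently of the policy above.
    if (-not (Test-Path $iniMapping)) { New-Item -Path $iniMapping -Force | Out-Null }
    Set-ItemProperty -Path $iniMapping -Name '(Default)' -Value '@SYS:DoesNotExist'
}

function Test-AutoRunDisabled {
    # Read the values back and report whether all three are in place.
    $p = Get-ItemProperty -Path $explorerPolicy -ErrorAction SilentlyContinue
    $m = Get-ItemProperty -Path $iniMapping -ErrorAction SilentlyContinue
    return ($p.NoDriveTypeAutoRun -eq 0xFF) -and
           ($p.HonorAutorunSetting -eq 1) -and
           ($m.'(default)' -eq '@SYS:DoesNotExist')
}

Disable-AutoRun
if (Test-AutoRunDisabled) { 'AutoRun disabled: policy values and Autorun.inf mapping are in place' }
else { 'AutoRun settings were not applied as expected; check the three values above' }
```

Explorer reads these policy values at logon, so sign out or reboot before relying on them.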