Pests of all kinds and how to fight them: Multiple trojans removed (Zbot-MemA, Bredolab), system safe? Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

Multiple trojans removed (Zbot-MemA, Bredolab), system safe?

I had a real fight against trojans today. Unfortunately I am no longer sure which file was the trigger; in any case, Sophos Antivirus first detected a trojan of type Bredolab and Agent2!K, and later the virus zbot-memA in 4 different exe files in system32, all of which I was able to quarantine (zbotkiller also showed no more findings after a scan). 3 malware viruses were also detected by Malwarebytes and moved to quarantine; I will add logs below.

Since Bredolab is apparently a pretty nasty backdoor trojan that fetches reinforcements, I am not sure now whether I caught everything. Before that I also ran CCleaner, as required in the instructions.

It would be great if someone could take a quick look :-) Many thanks in advance!

Here is the full Malwarebytes scan. Quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/26/2010 11:07:07 AM - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\mozzquito\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148.95 Gb Total Space | 72.76 Gb Free Space | 48.85% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 100.00 Mb Total Space | 71.80 Mb Free Space | 71.80% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **** Current User Name: ***** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\mozzquito\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (SafeList) ========== MOD - C:\Users\mozzquito\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3725.dll () SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) SRV - (cvhsvc) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc) 
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) 
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys 
(Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) 
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 81 7C 6A 55 B9 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 22:32:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 22:32:40 | 000,000,000 | ---D | M] [2010/03/06 10:42:37 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\extensions [2010/03/06 10:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010/07/25 22:32:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/07/23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010/07/23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/07/23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/07/23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Sophos Web Content Scanner) - 
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/26 10:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/07/26 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/07/26 00:22:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/07/25 23:01:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010/07/25 22:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/07/25 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Sophos [2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/07/25 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6 [2010/07/25 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\Malwarebytes [2010/07/25 11:08:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/07/25 11:08:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/25 10:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010/07/18 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment [2010/07/18 13:04:19 | 005,501,792 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\d3dcsx_42.dll [2010/07/18 13:04:19 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010/07/18 13:04:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010/07/18 13:04:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010/07/18 13:04:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2010/07/18 13:04:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010/07/18 13:04:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010/07/18 13:04:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010/07/18 13:04:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2010/07/18 13:04:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2010/07/18 13:04:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010/07/18 13:04:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010/07/18 13:04:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2010/07/18 13:04:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010/07/18 13:04:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2010/07/18 12:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Headup Games [2010/07/18 10:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2010/07/18 08:36:10 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010/07/18 08:36:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2010/07/18 08:36:09 | 000,417,792 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010/07/18 08:36:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010/07/18 08:36:09 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010/07/18 08:36:06 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2010/07/18 08:36:06 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2010/07/18 08:36:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2010/07/18 08:36:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2010/07/18 08:36:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2010/07/18 08:36:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2010/07/18 08:36:04 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2010/07/18 08:36:04 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2010/07/17 23:17:28 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010/07/17 22:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client ========== Files - Modified Within 30 Days ========== [2010/07/26 11:06:51 | 000,786,432 | -HS- | M] () -- C:\Users\Sternchen\NTUSER.DAT [2010/07/26 10:16:41 | 000,000,965 | ---- | M] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk [2010/07/26 10:03:30 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/26 10:03:30 | 000,017,376 | -H-- | 
M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/26 09:55:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/26 09:55:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/26 09:55:05 | 1583,271,936 | -HS- | M] () -- C:\hiberfil.sys [2010/07/26 00:22:12 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk [2010/07/25 22:32:42 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/07/25 13:43:39 | 000,001,216 | ---- | M] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk [2010/07/25 11:08:43 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/25 11:03:21 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/07/25 11:03:20 | 000,730,268 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/25 11:03:20 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/07/19 08:13:14 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/07/18 20:14:17 | 000,001,238 | ---- | M] () -- C:\Users\Sternchen\Desktop\Sacred.lnk [2010/07/18 13:02:11 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk ========== Files Created - No Company Name ========== [2010/07/26 10:16:41 | 000,000,965 | ---- | C] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk [2010/07/26 00:22:12 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk [2010/07/25 22:32:42 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/07/25 13:43:39 | 000,001,216 | ---- | C] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk [2010/07/25 11:08:43 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/18 20:14:17 | 000,001,238 | ---- | C] () -- C:\Users\Sternchen\Desktop\Sacred.lnk [2010/07/18 13:02:11 | 000,001,189 | ---- | C] () -- 
C:\Users\Public\Desktop\GREED - Black Border.lnk [2010/06/05 10:46:37 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010/06/05 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\DAEMON Tools Lite [2010/06/05 10:45:42 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\DAEMON Tools Pro [2010/03/17 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\EVEMon [2010/03/06 10:42:30 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Foxit [2010/03/01 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\OpenOffice.org [2010/07/25 22:50:46 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Teil 2 von OTL OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 7/26/2010 11:07:07 AM - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\mozzquito\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148.95 Gb Total Space | 72.76 Gb Free Space | 48.85% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 100.00 Mb Total Space | 71.80 Mb Free Space | 71.80% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ****** Current User Name: ****** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos 
AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{744DD571-3D2B-4BC8-B129-BF6929020CD3}" = Yu-Gi-Oh! ONLINE 3
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6866249-495A-4ED7-AD69-99336B5E86E4}" = GUILTY GEAR XX #RELOAD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"487C950AA9A6E2CC1EEEB1B475A4B24F64A14598" = Windows Driver Package - Intel Corporation (igfx) Display (06/03/2009 8.15.10.1808)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Ask Toolbar_is1" = Foxit Toolbar
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"EVE" = EVE Online (remove only)
"FE343B236C75B9B2EAF76AAF216635CB92B42196" = Windows Driver Package - Intel(R) Corporation (IntcHdmiAddService) MEDIA (05/26/2009 6.10.01.2073)
"Foxit Reader" = Foxit Reader
"GREED - Black Border_is1" = GREED - Black Border
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Sacred Underworld_is1" = Sacred Underworld
"Street Gears_is1" = Street Gears
"SystemRequirementsLab" = System Requirements Lab
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2010 8:25:42 AM | Computer Name = *** | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3828 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: eac Start Time: 01cb2b2b34865083 Termination Time: 140 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 9181bbaf-971e-11df-b3aa-00248c64ce1e

Error - 7/24/2010 8:29:20 AM | Computer Name = *** | Source = VSS | ID = 8194
Description =

Error - 7/25/2010 4:51:32 AM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Error - 7/25/2010 6:55:04 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: tc6.exe, version: 6.0.0.0, time stamp: 0x2a425e19 Faulting module name: tc6.exe, version: 6.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x00001f6c Faulting process id: 0x134 Faulting application start time: 0x01cb2be7ba5345c2 Faulting application path: C:\Program Files\Trojancheck 6\tc6.exe Faulting module path: C:\Program Files\Trojancheck 6\tc6.exe Report Id: 13cf1942-97db-11df-85c3-00248c64ce1e

Error - 7/25/2010 6:56:04 AM | Computer Name = **** | Source = Application Error | ID = 1000
Description = Faulting application name: tc6.exe, version: 6.0.0.0, time stamp: 0x2a425e19 Faulting module name: tc6.exe, version: 6.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x00001f6c Faulting process id: 0x11e4 Faulting application start time: 0x01cb2be7e7977189 Faulting application path: C:\Program Files\Trojancheck 6\tc6.exe Faulting module path: C:\Program Files\Trojancheck 6\tc6.exe Report Id: 37865d4a-97db-11df-85c3-00248c64ce1e

Error - 7/25/2010 7:22:52 AM | Computer Name = **** | Source = Application Error | ID = 1000
Description = Faulting application name: a2emergencykit.exe, version: 1.0.0.10, time stamp: 0x4c43c2d3 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x000555ea Faulting process id: 0x1154 Faulting application start time: 0x01cb2beaec7b4407 Faulting application path: C:\Users\mozzquito\Documents\TROJANERTOD\run\a2emergencykit.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: f6381371-97de-11df-85c3-00248c64ce1e

Error - 7/25/2010 7:35:10 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: a2emergencykit.exe, version: 1.0.0.10, time stamp: 0x4c43c2d3 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x000555ea Faulting process id: 0x12ac Faulting application start time: 0x01cb2bec5fa15f24 Faulting application path: C:\Users\mozzquito\Documents\TROJANERTOD\run\a2emergencykit.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: ae690735-97e0-11df-85c3-00248c64ce1e

Error - 7/25/2010 12:35:41 PM | Computer Name = **** | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory cannot be returned.

Error - 7/25/2010 12:35:41 PM | Computer Name = **** | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory cannot be returned.

Error - 7/26/2010 3:36:57 AM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://***.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 7/25/2010 4:50:14 PM | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error - 7/25/2010 4:53:54 PM | Computer Name = *** | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:50:08 on ?25.?07.?2010 was unexpected.

Error - 7/25/2010 4:54:33 PM | Computer Name = *** | Source = BugCheck | ID = 1001
Description =

Error - 7/25/2010 5:29:37 PM | Computer Name = *** | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{867F2A12-9895-45D2-937E-B1BCB503662A} because another computer on the network has the same name. The server could not start.

Error - 7/26/2010 3:47:43 AM | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error - 7/26/2010 3:49:33 AM | Computer Name = **** | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:47:44 on ?26.?07.?2010 was unexpected.

Error - 7/26/2010 3:50:09 AM | Computer Name = *** | Source = BugCheck | ID = 1001
Description =

Error - 7/26/2010 3:52:55 AM | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error - 7/26/2010 3:55:22 AM | Computer Name = **** | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:54:20 on ?26.?07.?2010 was unexpected.

Error - 7/26/2010 3:55:46 AM | Computer Name = *** | Source = BugCheck | ID = 1001
Description =

< End of report >

Last edited by mindflay (26.07.2010 at 10:39)