Backdoor.Win32.Spammy.lx problehm

madde25

so habe die sachen hochgeladen!!

gruß martin



All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1449085533-319408153-1176483877-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Updater deleted successfully.
C:\Users\madde\AppData\Local\Temp\svchost.bat moved successfully.
Registry value HKEY_USERS\S-1-5-21-1449085533-319408153-1176483877-1001\Software\Microsoft\Windows\CurrentVersion\Run\\System32 deleted successfully.
C:\Users\madde\AppData\Roaming\system32.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1449085533-319408153-1176483877-1001\Software\Microsoft\Windows\CurrentVersion\Run\\mssend deleted successfully.
File move failed. C:\Users\madde\AppData\Roaming\xssend2\svcnost.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-1449085533-319408153-1176483877-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CatDBmap3xx deleted successfully.
C:\Users\madde\AppData\Local\iTunesPadHelper\CatDBmap3xx.DLL moved successfully.
C:\Users\madde\AppData\Local\iTunesPadHelper folder moved successfully.
Folder move failed. C:\Users\madde\AppData\Roaming\xssend2 scheduled to be moved on reboot.
C:\Users\madde\AppData\Roaming\ru3wuo1yertdxffnten2v1tinwz1fzz2 folder moved successfully.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Rene.HOME-PC\Lokale Einstellungen\Temp\Bt1.exe not found.
File\Folder [2010.12.29 09:02:22 | 000,208,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Bwukoa.exe not found.
File\Folder [2010.12.29 09:02:15 | 000,299,008 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll not found.
File\Folder [2010.12.30 13:26:04 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found.
File\Folder [2010.12.30 13:25:49 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File\Folder [2010.12.30 13:13:04 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: madde
->Flash cache emptied: 103744 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: madde
->Temp folder emptied: 5283122121 bytes
->Temporary Internet Files folder emptied: 8878166 bytes
->Java cache emptied: 12394810 bytes
->FireFox cache emptied: 57453579 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4856976 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 346191882 bytes
RecycleBin emptied: 2512615932 bytes

Total Files Cleaned = 7.844,00 mb


OTL by OldTimer - Version 3.2.18.2 log created on 12302010_185732

Files\Folders moved on Reboot...
File\Folder C:\Users\madde\AppData\Roaming\xssend2\svcnost.exe not found!
C:\Users\madde\AppData\Roaming\xssend2 folder moved successfully.

Registry entries deleted on Reboot...