Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundespolizei Trojaner - Ihr Computer wurde gesperrt! + OTL Fehler (The event log file is corrupted.) (https://www.trojaner-board.de/122567-bundespolizei-trojaner-computer-wurde-gesperrt-otl-fehler-the-event-log-file-is-corrupted.html)

bubbah1012 21.08.2012 20:10
Bundespolizei Trojaner - Ihr Computer wurde gesperrt! + OTL Fehler (The event log file is corrupted.)
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo,

auch ich bin nun diesem Trojaner zum Opfer gefallen.

Hier der Malwarebytes-Log
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
bubbah :: BUBBAH-F8E574E1 [administrator]

21.08.2012 19:25:10
mbam-log-2012-08-21 (20-11-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442858
Time elapsed: 45 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 1
C:\nmr92.bin (Trojan.SpyEyes) -> No action taken.

Files Detected: 7
C:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\WINDOWS\system32\ctfmon.exe (Trojan.FakeMS) -> No action taken.
C:\WINDOWS.0\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\Documents and Settings\Ardian\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS.0\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
C:\Documents and Settings\bubbah\0.5678323600973288.exe (Exploit.Drop.UR.2) -> No action taken.
C:\Documents and Settings\bubbah\Application Data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.

(end)
Nun ergibt sich folgendes Problem wenn ich den OTL-scan laufen lasse.

Win32 Error. Code: 1500.
The event log file is corrupted.

Ich habe mal den dazugehörigen screenshot angehängt.
Leider fand ich auch im Internet nichts um dieses Problem zu lösen.

Hier einmal der OTL-log:
OTL.txt
Code:
OTL logfile created on: 21.08.2012 20:53:12 - Run 1
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 92,04% Memory free
5,34 Gb Paging File | 5,24 Gb Available in Paging File | 98,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 39,46 Gb Free Space | 26,48% Space Free | Partition Type: NTFS
 
Computer Name: BUBBAH-F8E574E1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (xpsec) -- C:\WINDOWS.0\system32\drivers\xpsec.sys File not found
DRV - (xcpip) -- C:\WINDOWS.0\system32\drivers\xcpip.sys File not found
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (EuMusDesignVirtualAudioCableWdm_s2x) -- system32\DRIVERS\vacs2xkd.sys File not found
DRV - (Changer) --  File not found
DRV - (avipbb) -- C:\WINDOWS.0\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS.0\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS.0\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LUsbFilt) -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (atksgt) -- C:\WINDOWS.0\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS.0\system32\drivers\lirsgt.sys ()
DRV - (ati2mtag) -- C:\WINDOWS.0\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\WINDOWS.0\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                          )
DRV - (ssmdrv) -- C:\WINDOWS.0\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (WUSB54GCv3) -- C:\WINDOWS.0\system32\drivers\WUSB54GCv3.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atapi) -- C:\WINDOWS.0\system32\drivers\atapi.sys ()
DRV - (nvnetbus) -- C:\WINDOWS.0\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS.0\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS.0\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (AmdPPM) -- C:\WINDOWS.0\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (LVPr2Mon) -- C:\WINDOWS.0\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS.0\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS.0\system32\drivers\Lvckap.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS.0\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\WINDOWS.0\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS.0\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (ASPI) -- C:\WINDOWS.0\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (irsir) -- C:\WINDOWS.0\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-839522115-1060284298-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-839522115-1060284298-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS.0\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.21 10:47:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.22 05:42:34 | 000,000,000 | ---D | M]
 
[2011.11.27 02:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.21 10:47:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.23 19:42:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 19:42:15 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-18..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-20..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1060284298-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DDC40D9-5538-49AC-91DC-5E7DDC6ED235}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{119145B6-08E0-4905-BA54-9F548BEFFD75}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS.0\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.05 17:13:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.21 19:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.21 19:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
[2012.08.21 19:23:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2012.08.21 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.21 19:20:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL(1).exe
[2012.08.21 19:13:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS.0\CSC
[2012.08.21 18:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\igpwcyiyqxzevxn
[2012.08.15 05:04:06 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\localspl.dll
[2012.08.15 05:04:03 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\netapi32.dll
[2012.08.15 05:04:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\browser.dll
[2012.08.09 00:09:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.09 00:09:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Common Files
[2012.08.08 23:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Avira
[2012.08.08 23:03:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\ssmdrv.sys
[2012.08.08 23:03:16 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avipbb.sys
[2012.08.08 23:03:16 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntflt.sys
[2012.08.08 23:03:16 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avkmgr.sys
[2012.08.08 23:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.08.08 23:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
[9 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[5 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.21 20:53:55 | 000,433,224 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2012.08.21 20:53:55 | 000,067,798 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2012.08.21 20:49:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012.08.21 19:23:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.21 18:53:05 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\joxbzhknwkmleyj
[2012.08.21 18:52:59 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\btneuzoq.exe
[2012.08.21 18:27:00 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012.08.19 23:14:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL(1).exe
[2012.08.15 21:40:31 | 000,139,648 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2012.08.15 06:20:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS.0\imsins.BAK
[2012.08.15 04:27:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerApp.exe
[2012.08.15 04:27:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerCPLApp.cpl
[2012.08.14 22:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2012.08.13 01:42:07 | 000,001,230 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[9 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[5 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.21 19:23:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.21 18:53:05 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\btneuzoq.exe
[2012.08.21 18:53:00 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\joxbzhknwkmleyj
[2012.08.15 06:18:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS.0\imsins.BAK
[2012.02.16 06:43:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012.01.30 21:49:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[2011.04.14 17:47:10 | 000,281,760 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\atksgt.sys
[2011.04.14 17:47:09 | 000,025,888 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\lirsgt.sys
[2010.11.05 22:52:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\System32\Access.dat
[2010.10.04 05:54:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS.0\System32\ezsidmv.dat
[2010.09.28 10:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\HMHud.INI
[2010.09.06 07:41:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS.0\AviSplitter.INI
[2010.09.02 21:03:36 | 000,023,008 | -H-- | C] () -- C:\WINDOWS.0\System32\mlfcache.dat
[2010.08.30 21:41:20 | 000,004,857 | ---- | C] () -- C:\WINDOWS.0\Ascd_tmp.ini
[2010.08.30 21:41:19 | 000,010,288 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\ASUSHWIO.SYS
[2010.08.30 20:31:50 | 000,219,348 | ---- | C] () -- C:\WINDOWS.0\System32\atiicdxx.dat
[2010.08.30 20:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\ativpsrm.bin
[2010.08.30 20:19:10 | 000,003,948 | R--- | C] () -- C:\WINDOWS.0\System32\drivers\nvphy.bin
[2010.08.30 20:15:09 | 000,004,249 | ---- | C] () -- C:\WINDOWS.0\ODBCINST.INI
[2010.08.30 20:13:23 | 000,165,376 | ---- | C] () -- C:\WINDOWS.0\System32\unrar.dll
[2010.08.30 20:12:38 | 000,139,648 | ---- | C] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2010.08.30 19:27:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\nsreg.dat
[2010.08.30 19:25:32 | 000,887,724 | ---- | C] () -- C:\WINDOWS.0\System32\ativva6x.dat
[2010.08.30 19:25:32 | 000,000,003 | ---- | C] () -- C:\WINDOWS.0\System32\ativva5x.dat
[2010.08.30 19:10:54 | 000,015,312 | R--- | C] () -- C:\WINDOWS.0\System32\RaCoInst.dat
[2010.08.30 19:02:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS.0\bootstat.dat
[2010.08.30 18:53:14 | 000,235,008 | ---- | C] () -- C:\WINDOWS.0\System32\psisdecd.dll
[2010.08.30 18:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS.0\System32\emptyregdb.dat
[2010.08.30 18:37:13 | 000,020,992 | ---- | C] () -- C:\WINDOWS.0\System32\CabTool.exe
[2010.08.29 23:54:53 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\hngmfc.dat
 
========== LOP Check ==========
 
[2012.04.09 14:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HEM Data
[2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.07.11 18:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010.08.02 16:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010.06.24 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010.06.21 11:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010.06.08 11:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.07.11 13:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2010.06.05 19:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2010.06.16 19:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.08 11:30:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.11.09 20:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Boss Media
[2012.08.09 00:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Common Files
[2012.05.04 15:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\id Software
[2012.08.21 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\igpwcyiyqxzevxn
[2012.02.18 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Nitro PDF
[2012.08.09 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TechSmith
[2012.08.09 00:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TuneUp Software
[2010.11.05 05:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Tunngle
[2010.09.03 04:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\XHEO INC
[2011.09.14 14:08:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.08.09 00:09:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.08.30 19:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.08.30 20:34:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.16 05:06:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Ardian\Application Data\.#
[2010.08.28 23:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\HEM Data
[2010.07.11 18:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\id Software
[2010.06.05 17:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\Opera
[2010.07.04 04:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\postgresql
[2010.06.11 02:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\RayV
[2010.08.15 03:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\TeamViewer
[2010.06.21 02:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\TS3Client
[2010.06.08 11:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\TuneUp Software
[2010.07.13 01:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\Tunngle
[2010.08.28 02:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\uTorrent
[2011.04.14 17:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Absolute Poker
[2012.02.18 16:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Downloaded Installations
[2011.04.01 22:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\DVDVideoSoftIEHelpers
[2011.07.15 19:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Garena
[2011.01.24 22:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\GetRightToGo
[2011.04.07 21:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\HEM Data
[2012.04.12 18:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\HoldemManager
[2011.10.31 23:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\id Software
[2011.09.12 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Leadertech
[2011.05.25 20:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\LolClient
[2012.02.18 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Nitro PDF
[2011.05.17 06:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Notepad++
[2010.12.02 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\OpenOffice.org
[2010.08.30 19:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Opera
[2012.08.21 19:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Orbit
[2010.09.28 10:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\postgresql
[2011.02.18 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Program Files
[2012.03.29 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\ProgSense
[2012.04.12 18:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Roaming
[2012.03.07 16:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TeamViewer
[2012.08.09 01:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TS3Client
[2012.08.09 00:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TuneUp Software
[2010.11.05 05:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Tunngle
[2012.08.19 23:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\uTorrent
[2010.06.05 17:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\uTorrent
[2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User.WINDOWS.0\Application Data\uTorrent
[2011.09.21 14:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software
[2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\postgres\Application Data\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
Wie gehe ich nun vor?

Vielen Dank für die Hilfe.
MFG

markusg 21.08.2012 22:06
hi
du nutzt ne illegale windows version
antiwpa.dll
deshalb gibts hier nur hilfe beim neu aufsetzen:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

bubbah1012 21.08.2012 22:50
Liste der Anhänge anzeigen (Anzahl: 1)
Fängt ja schonmal gut an. Bekomme direkt beim Versuch TweakUI zu installieren die angehängten Fehlermeldungen.
'Ignore' auszuwählen bringt auch nichts.
Bin im abgesicherten Modus mit networking.

Danke nochmals für die Mühe.

markusg 22.08.2012 17:28
dann deaktiviere autorun manuell


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:37 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19