Zurück   Trojaner-Board > Sicherheit > Plagegeister aller Art und deren Bekämpfung
Trojaner: Cryptic.GL

Trojaner: Cryptic.GL


Plagegeister aller Art und deren Bekämpfung: Trojaner: Cryptic.GL

Windows 7 Hier gehören alle Fragen zum Thema Trojaner, Viren, Würmer, Dialer, Spyware und andere Plagegeister hinein.

Antwort
Seite 1 von 3 1 23
Alt 29.04.2010, 21:54   #1
Lacki
 
Trojaner: Cryptic.GL - Standard Trojaner: Cryptic.GL
Hallo alle zusammen, ich habe ein Problem. Als ich heute meinen Laptop hochfahre, zeigt mir mein AVG einen Alarm an, er meint mehrere Bedrohungen erkannt.Die betroffenen Dateien sind C:\WINDOWS\system32\sdra64.exe (und anstatt \sdra64.exe is da noch \userinit.exe)

als Infektion steht da bei beiden: Trojaner: Cryptic.GL. Ich wollte beide löschen, doch jetzt steht bei der ersten Datei: In Virenquarantäne verschoben und beim anderen das selbe wie vorm löschen: Objekt befindet sich auf der Whitelist (wichtige Systemdatei, die nicht gelöscht werde darf).
Was soll ich jetzt machen?
Bitte helft mir. Danke schon mal. Slg Lacki

Alt 29.04.2010, 21:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Cryptic.GL - Standard

AW: Trojaner: Cryptic.GL



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Gruß,
Arne

Keine Hilfe per PN, sowas wird ignoriert! Nutze das Forum!


Trojaner-Board-Spendenkonto

Datensicherung mit Ubuntu als Notfall-Live-System

Bitte keine HijackThis Logs posten

Wie man Fragen richtig stellt

Alt 29.04.2010, 22:25   #3
Lacki
 
Trojaner: Cryptic.GL - Standard AW: Trojaner: Cryptic.GL
Der Test von dem Malwarebytes dauert, ich lasse es mal laufen und lege mich schlafe, poste dann morgen in der früh, was es ergeben hat. eine Frage noch schnell, soll ich die Teile gleich löschen die er da findet, und dann OLT machen?


Alt 30.04.2010, 10:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Cryptic.GL - Standard AW: Trojaner: Cryptic.GL
Ja, mit Malwarebytes alle Funde löschen lassen.
__________________
Gruß,
Arne

Keine Hilfe per PN, sowas wird ignoriert! Nutze das Forum!


Trojaner-Board-Spendenkonto

Datensicherung mit Ubuntu als Notfall-Live-System

Bitte keine HijackThis Logs posten

Wie man Fragen richtig stellt

Alt 30.04.2010, 18:09   #5
Lacki
 
Trojaner: Cryptic.GL - Standard AW: Trojaner: Cryptic.GL
also habe alle löschen lassen, danach gleich neustart, wie des programm gesagt hat, jetzt schreibt avg wieder eine meldung, es is nur noch eine datei infiziert, und zwar C:\WINDOWS\system32\userinit.exe
hier aber mal das was malewarebytes gesagt hat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

30.04.2010 18:01:02
mbam-log-2010-04-30 (18-01-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 187063
Laufzeit: 47 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Conny Lackner\Lokale Einstellungen\Temp\ie1B.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Conny Lackner\Lokale Einstellungen\Temp\ie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


Alt 30.04.2010, 18:18   #6
Lacki
 
Trojaner: Cryptic.GL - Standard AW: Trojaner: Cryptic.GL
OTL sagt dazu:

OTL logfile created on: 30.04.2010 18:10:50 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Conny Lackner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 489,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,94 Gb Total Space | 3,86 Gb Free Space | 10,74% Space Free | Partition Type: FAT32
Drive D: | 36,32 Gb Total Space | 7,27 Gb Free Space | 20,02% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LACKI
Current User Name: Conny Lackner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Conny Lackner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre1.6.0_01\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\Gemeinsame Dateien\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\acer\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Launch Manager\WButton.exe ()
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Launch Manager\OSDCtrl.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\WINDOWS\system32\sol.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\Powerkey.exe ()
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Conny Lackner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\Programme\CyberLink\Shared Files\CLRCEngine.dll (CyberLink Corp.)
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8emc) -- C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (VClone) -- C:\WINDOWS\system32\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (int15.sys) -- C:\Programme\acer\eRecovery\int15.sys ()
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (UBHelper) -- C:\WINDOWS\system32\drivers\UBHelper.sys ()
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Hotkey) -- C:\WINDOWS\system32\drivers\HOTKEY.sys ()
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (POWERKEY) -- C:\Programme\Launch Manager\POWERKEY.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-flv"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-flv"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.12.24 20:41:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.12.24 20:41:58 | 000,000,000 | ---D | M]

[2008.12.24 20:42:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Conny Lackner\Anwendungsdaten\Mozilla\Extensions
[2008.12.24 20:42:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Conny Lackner\Anwendungsdaten\Mozilla\Firefox\Profiles\x4oeux2u.default\extensions
[2009.07.19 22:57:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Conny Lackner\Anwendungsdaten\Mozilla\Firefox\Profiles\x4oeux2u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.10.25 10:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Conny Lackner\Anwendungsdaten\Mozilla\Firefox\Profiles\x4oeux2u.default\extensions\chenyanxu8821@163.com
[2008.12.24 20:41:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.05.18 21:46:34 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.05.18 21:46:34 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.05.18 21:46:34 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.05.18 21:46:34 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.05.18 21:46:34 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.28 19:56:56 | 000,007,036 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 99.189.54
O1 - Hosts: 127.0.0.1 99.189.52
O1 - Hosts: 127.0.0.1 99.14.103
O1 - Hosts: 127.0.0.1 98.223.73
O1 - Hosts: 127.0.0.1 97.80.137
O1 - Hosts: 127.0.0.1 95.134.16
O1 - Hosts: 127.0.0.1 95.133.8.
O1 - Hosts: 127.0.0.1 95.133.23
O1 - Hosts: 127.0.0.1 95.133.23
O1 - Hosts: 127.0.0.1 95.133.14
O1 - Hosts: 127.0.0.1 95.133.11
O1 - Hosts: 127.0.0.1 95.105.17
O1 - Hosts: 127.0.0.1 94.53.2.1
O1 - Hosts: 127.0.0.1 94.23.201
O1 - Hosts: 127.0.0.1 94.179.55
O1 - Hosts: 127.0.0.1 94.179.48
O1 - Hosts: 127.0.0.1 94.179.19
O1 - Hosts: 127.0.0.1 94.179.11
O1 - Hosts: 127.0.0.1 94.178.65
O1 - Hosts: 127.0.0.1 93.39.197
O1 - Hosts: 127.0.0.1 93.186.17
O1 - Hosts: 127.0.0.1 93.136.83
O1 - Hosts: 127.0.0.1 93.112.91
O1 - Hosts: 127.0.0.1 92.86.197
O1 - Hosts: 272 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerKey] C:\Programme\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe File not found
O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Conny Lackner\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Conny Lackner\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.29 22:05:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Conny Lackner\Anwendungsdaten\Malwarebytes
[2010.04.29 22:04:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 22:04:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.29 22:04:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.29 22:04:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.29 22:02:39 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\OTL.exe
[2010.04.29 22:01:43 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\mbam-setup.exe
[2010.04.24 19:16:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010.04.24 19:16:06 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010.04.24 19:16:05 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010.04.21 14:06:27 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2010.04.09 21:21:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Conny Lackner\Anwendungsdaten\Armagetron
[2010.04.09 21:21:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Armagetron
[2010.04.08 21:49:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Conny Lackner\Recent
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.30 18:05:28 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010.04.30 18:03:36 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.04.30 18:03:26 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2010.04.30 18:03:08 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.30 18:03:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.30 18:02:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.30 18:02:54 | 1071,878,144 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.30 18:02:08 | 005,242,880 | -H-- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\NTUSER.DAT
[2010.04.30 18:01:56 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\ntuser.ini
[2010.04.30 18:01:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010.04.30 18:01:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010.04.30 18:00:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.30 17:37:08 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.04.29 22:05:02 | 000,000,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.29 22:04:30 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\mbam-setup.exe
[2010.04.29 22:03:10 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\OTL.exe
[2010.04.29 21:58:14 | 003,072,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\virus bild 1.bmp
[2010.04.29 21:58:04 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.29 21:57:36 | 003,072,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\virus bild.bmp
[2010.04.29 18:17:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 22:02:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010.04.28 22:02:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010.04.27 22:38:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010.04.27 22:38:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010.04.26 22:41:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010.04.26 22:41:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010.04.24 19:19:38 | 000,078,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.24 18:20:38 | 000,001,795 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.24 14:21:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010.04.24 14:21:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010.04.22 22:39:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010.04.22 22:39:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010.04.21 23:55:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010.04.21 23:55:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010.04.21 19:13:30 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010.04.21 14:08:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010.04.21 14:08:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010.04.21 14:06:28 | 000,000,000 | -H-- | M] () -- C:\lol.dat
[2010.04.21 14:06:26 | 000,014,848 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2010.04.20 20:42:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010.04.20 20:42:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010.04.19 18:23:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010.04.19 18:23:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010.04.19 18:02:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010.04.19 18:02:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010.04.19 18:02:00 | 006,898,334 | -H-- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.16 16:20:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010.04.16 16:20:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010.04.15 22:14:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010.04.15 22:14:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010.04.14 19:58:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.14 19:52:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010.04.14 19:52:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010.04.14 00:03:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010.04.14 00:03:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010.04.12 20:54:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010.04.12 20:54:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010.04.11 21:16:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010.04.11 21:16:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010.04.11 11:31:32 | 000,736,866 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.11 11:31:32 | 000,322,190 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.11 11:31:32 | 000,316,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.11 11:31:32 | 000,050,434 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.11 11:31:32 | 000,041,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.10 04:33:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010.04.10 04:33:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010.04.09 21:45:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010.04.09 21:45:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010.04.09 21:21:38 | 000,000,445 | ---- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\Armagetron Advanced.lnk
[2010.04.09 21:21:14 | 002,954,651 | ---- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\armagetronad-0.2.8.3.1.gcc.win32(2).exe
[2010.04.09 21:17:28 | 000,010,164 | ---- | M] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\armagetronad-0.2.8.3.1.gcc.win32.exe
[2010.04.09 19:23:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010.04.09 19:23:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.29 22:05:01 | 000,000,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.29 21:58:12 | 003,072,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\virus bild 1.bmp
[2010.04.29 21:57:34 | 003,072,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\virus bild.bmp
[2010.04.24 18:20:37 | 000,001,795 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.21 14:06:27 | 000,000,000 | -H-- | C] () -- C:\lol.dat
[2010.04.14 19:53:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.04.09 21:21:36 | 000,000,445 | ---- | C] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\Armagetron Advanced.lnk
[2010.04.09 21:20:28 | 002,954,651 | ---- | C] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\armagetronad-0.2.8.3.1.gcc.win32(2).exe
[2010.04.09 21:18:15 | 000,010,164 | ---- | C] () -- C:\Dokumente und Einstellungen\Conny Lackner\Desktop\armagetronad-0.2.8.3.1.gcc.win32.exe
[2010.01.22 13:12:30 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.22 13:12:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.21 18:10:35 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.10.21 18:10:35 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.10.21 18:10:35 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.04.19 12:31:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009.04.19 12:31:22 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.04.19 12:31:22 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.04.19 12:28:50 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009.01.01 12:13:20 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.08.31 17:46:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.30 22:26:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008.08.30 22:18:43 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005.04.08 17:43:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.04.08 15:52:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.04.08 15:51:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.04.08 15:51:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.04.08 15:51:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.04.08 15:51:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.04.08 15:47:21 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Apire Series.ini
[2005.04.08 15:45:03 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.04.08 15:44:33 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2005.04.08 15:39:04 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.04.08 15:39:02 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.04.08 15:39:01 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2005.04.08 15:39:01 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2005.04.08 15:39:01 | 000,081,920 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2004.12.17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.09.13 12:30:03 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
< End of report >

Alt 30.04.2010, 18:20   #7
Lacki
 
Trojaner: Cryptic.GL - Standard AW: Trojaner: Cryptic.GL
Und unter Extras von OTL:

OTL Extras logfile created on: 30.04.2010 18:10:50 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Conny Lackner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 489,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,94 Gb Total Space | 3,86 Gb Free Space | 10,74% Space Free | Partition Type: FAT32
Drive D: | 36,32 Gb Total Space | 7,27 Gb Free Space | 20,02% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LACKI
Current User Name: Conny Lackner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "D:\programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNetisabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG8\avgnsx.exe" = C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\groove.exe" = C:\Programme\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*isabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\TrackMania Original\TmOriginal.exe" = C:\Programme\TrackMania Original\TmOriginal.exe:*:Enabled:TmOriginal -- File not found
"\\zocker\STRONGHOLD\Stronghold Crusader.exe" = \\zocker\STRONGHOLD\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader.exe
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- File not found
"C:\Dokumente und Einstellungen\Conny Lackner\Desktop\blobby\volley.exe" = C:\Dokumente und Einstellungen\Conny Lackner\Desktop\blobby\volley.exe:*isabled:volley -- File not found
"C:\Dokumente und Einstellungen\Conny Lackner\Desktop\VLCPortable\App\vlc\vlc.exe" = C:\Dokumente und Einstellungen\Conny Lackner\Desktop\VLCPortable\App\vlc\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Programme\Steam\steamapps\lackl\counter-strike source\hl2.exe" = C:\Programme\Steam\steamapps\lackl\counter-strike source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Programme\Empire Interactive\FlatOut2\FlatOut2.exe" = C:\Programme\Empire Interactive\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2 -- File not found
"D:\programme\Empire Interactive\Strangelite\Starship Troopers\STGame.exe" = D:\programme\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:*isabled:Starship Troopers -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"D:\programme\ICQ6.5\ICQ.exe" = D:\programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ -- (ICQ, LLC.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*isabled:Firefox -- (Mozilla Corporation)
"D:\programme\Armagetron Advanced\armagetronad.exe" = D:\programme\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{135D3939-F9CD-4520-A008-9C4B852A2DBC}" = OneCare Advisor (Windows Live Toolbar)
"{13AD0F5B-FF8C-4625-851D-A83D4BE74716}" = Smart Menus (Windows Live Toolbar)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{151ACDE2-C3AC-43AA-A77E-12A5D8B2A934}" = Popupblocker (Windows Live Toolbar)
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22B099A6-55E1-4605-8401-05564320101C}" = Windows Live Outlook-Toolbar (Windows Live Toolbar)
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28E151E2-A495-4C41-A94C-D3682E10F57E}" = Windows Live Toolbar
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A75BDE6-418E-4DB9-8601-C9E5225E0059}" = Feederkennung (Windows Live Toolbar)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6266BA75-45FA-4B1A-B21F-E04A90C273E5}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9AA761E6-CA51-4FF2-A552-D51638BF0595}" = Battle Realms
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Ultra Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-000000000001}" = Adobe Reader 6.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B81EB1DB-8F56-4852-BCEB-B598DF3F63E6}_is1" = Mustrum 2.0.7
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.3
"{DA2C339B-A405-439B-AD24-07765EF9F233}" = Browsen mit Registerkarten (Windows Live Toolbar)
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites für Windows Live Toolbar
"{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = TIxx21/x515
"{E98412A2-8AB2-4BCE-AB3F-384B0239557E}" = NTI CD & DVD-Maker
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Any Video Converter_is1" = Any Video Converter 2.7.2
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_00801025" = SoftV90 Data Fax Modem with SmartCP
"Defraggler" = Defraggler (remove only)
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"InstallShield_{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4
"InstallShield_{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{E98412A2-8AB2-4BCE-AB3F-384B0239557E}" = NTI CD & DVD-Maker Gold
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orbit_is1" = Orbit Downloader
"QuickTime" = QuickTime
"save2pc Light_is1" = save2pc Light 4.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Videograbber_is1" = Videograbber4.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09.04.2010 07:00:19 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 09.04.2010 08:00:14 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 09.04.2010 09:00:05 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 09.04.2010 10:00:05 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 09.04.2010 11:00:05 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 09.04.2010 12:00:05 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 09.04.2010 13:00:05 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 09.04.2010 14:00:09 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 17.04.2010 10:00:19 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

Error - 20.04.2010 09:00:08 | Computer Name = LACKI | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 22.04.2010 11:17:33 | Computer Name = LACKI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst AVG8
E-mail Scanner.

Error - 22.04.2010 11:17:33 | Computer Name = LACKI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVG8 E-mail Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 24.04.2010 11:36:08 | Computer Name = LACKI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst AVG8
E-mail Scanner.

Error - 24.04.2010 11:36:08 | Computer Name = LACKI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVG8 E-mail Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 26.04.2010 15:56:23 | Computer Name = LACKI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst AVG8
E-mail Scanner.

Error - 26.04.2010 15:56:23 | Computer Name = LACKI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVG8 E-mail Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 28.04.2010 11:15:14 | Computer Name = LACKI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows
User Mode Driver Framework.

Error - 28.04.2010 11:15:15 | Computer Name = LACKI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows User Mode Driver Framework" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 30.04.2010 12:03:24 | Computer Name = LACKI | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 30.04.2010 12:05:04 | Computer Name = LACKI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
gagp30kx
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >

Alt 30.04.2010, 18:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Cryptic.GL - Standard AW: Trojaner: Cryptic.GL
Zitat:
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
Was machst Du mit so einem uralten FF? Solltest Du schleunigst aktualisieren...

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: 
:OTL
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Gruß,
Arne

Keine Hilfe per PN, sowas wird ignoriert! Nutze das Forum!


Trojaner-Board-Spendenkonto

Datensicherung mit Ubuntu als Notfall-Live-System

Bitte keine HijackThis Logs posten

Wie man Fragen richtig stellt

Alt 30.04.2010, 19:29   #9
Lacki
 
Trojaner: Cryptic.GL - Standard AW: Trojaner: Cryptic.GL
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 713579 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6726148 bytes

User: Conny Lackner
->Temp folder emptied: 16015186 bytes
->Temporary Internet Files folder emptied: 166420729 bytes
->Java cache emptied: 8892 bytes
->FireFox cache emptied: 39878980 bytes
->Flash cache emptied: 1820 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79144557 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 295,00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 04302010_192103

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Conny Lackner\Lokale Einstellungen\Temp\in9.tmp moved successfully.
C:\WINDOWS\temp\T30DebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


AVG hat nach Neustart immer noch was zu meckern, das übliche...

Alt 30.04.2010, 19:40   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Cryptic.GL - Standard AW: Trojaner: Cryptic.GL
So, dann mach jetzt mal nen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Gruß,
Arne

Keine Hilfe per PN, sowas wird ignoriert! Nutze das Forum!


Trojaner-Board-Spendenkonto

Datensicherung mit Ubuntu als Notfall-Live-System

Bitte keine HijackThis Logs posten

Wie man Fragen richtig stellt

Antwort
Seite 1 von 3 1 23

Stichworte zu Trojaner: Cryptic.GL
alarm, andere, anderen, avg, bedrohungen, befindet, c:\windows, dateien, gelöscht, gen, helft, heute, infektion, laptop, löschen, quarantäne, system, system32, systemdatei, troja, trojaner, verschoben, wichtige, windows, zusammen


« Vorheriges Thema | Nächstes Thema »

Ähnliche Themen: Trojaner: Cryptic.GL


  1. Trojaner "Cryptic.bjl"
    Plagegeister aller Art und deren Bekämpfung - 05.12.2010 (30)
  2. Trojaner: Cryptic.HV lässt sich mit Virensoftware nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.09.2010 (24)
  3. Trojaner Cryptic.ADE in Systemdatei svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 23.06.2010 (17)
  4. Trojaner Cryptic.HK
    Plagegeister aller Art und deren Bekämpfung - 27.05.2010 (30)
  5. Trojaner: Cryptic.NP
    Diskussionsforum - 23.05.2010 (9)
  6. Trojaner: SHeur3.WGQ, Trojaner: Cryptic.NN, ,FakeAlert
    Plagegeister aller Art und deren Bekämpfung - 16.05.2010 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung- GMER - Rootkit Scanner

- Anleitung Rootkit.TDSS entfernen

- Worm.Bagle entfernen mit Findykill

- Secunia Personal Software Inspector (PSI)

- Anleitung: AntiVir 2010 entfernen

- Anleitung: Rootkit RKIT/Kryptic entfernen

- Avira AntiVir Rescue System

- Kaspersky Rescue Disk


Zum Thema Trojaner: Cryptic.GL - Hallo alle zusammen, ich habe ein Problem. Als ich heute meinen Laptop hochfahre, zeigt mir mein AVG einen Alarm an, er meint mehrere Bedrohungen erkannt.Die betroffenen Dateien sind C:\WINDOWS\system32\sdra64.exe (und Windows 7 Trojaner: Cryptic.GL...
Archiv
Du betrachtest: Trojaner: Cryptic.GL auf Trojaner-Board

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20