Trojaner-Board > Malware removal > Pests of all kinds and how to fight them

Bundespolizei Trojan - "Ihr Computer wurde gesperrt!" (Your computer has been locked!) + OTL error (The event log file is corrupted.)
21.08.2012, 20:10   #1
bubbah1012
 
Hello,

I too have now fallen victim to this Trojan.

Here is the Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
bubbah :: BUBBAH-F8E574E1 [administrator]

21.08.2012 19:25:10
mbam-log-2012-08-21 (20-11-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442858
Time elapsed: 45 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 1
C:\nmr92.bin (Trojan.SpyEyes) -> No action taken.

Files Detected: 7
C:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\WINDOWS\system32\ctfmon.exe (Trojan.FakeMS) -> No action taken.
C:\WINDOWS.0\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
C:\Documents and Settings\Ardian\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS.0\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
C:\Documents and Settings\bubbah\0.5678323600973288.exe (Exploit.Drop.UR.2) -> No action taken.
C:\Documents and Settings\bubbah\Application Data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.

(end)

Now the following problem comes up when I run the OTL scan:

Win32 Error. Code: 1500.
The event log file is corrupted.

I have attached the corresponding screenshot.
Unfortunately I could not find anything on the Internet to solve this problem either.

Here is the OTL log:
OTL.txt
Code:
OTL logfile created on: 21.08.2012 20:53:12 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 92,04% Memory free
5,34 Gb Paging File | 5,24 Gb Available in Paging File | 98,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 39,46 Gb Free Space | 26,48% Space Free | Partition Type: NTFS
 
Computer Name: BUBBAH-F8E574E1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (xpsec) -- C:\WINDOWS.0\system32\drivers\xpsec.sys File not found
DRV - (xcpip) -- C:\WINDOWS.0\system32\drivers\xcpip.sys File not found
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (EuMusDesignVirtualAudioCableWdm_s2x) -- system32\DRIVERS\vacs2xkd.sys File not found
DRV - (Changer) --  File not found
DRV - (avipbb) -- C:\WINDOWS.0\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS.0\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS.0\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LUsbFilt) -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (atksgt) -- C:\WINDOWS.0\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS.0\system32\drivers\lirsgt.sys ()
DRV - (ati2mtag) -- C:\WINDOWS.0\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\WINDOWS.0\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (ssmdrv) -- C:\WINDOWS.0\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (WUSB54GCv3) -- C:\WINDOWS.0\system32\drivers\WUSB54GCv3.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atapi) -- C:\WINDOWS.0\system32\drivers\atapi.sys ()
DRV - (nvnetbus) -- C:\WINDOWS.0\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS.0\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS.0\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (AmdPPM) -- C:\WINDOWS.0\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (LVPr2Mon) -- C:\WINDOWS.0\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS.0\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS.0\system32\drivers\Lvckap.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS.0\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\WINDOWS.0\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS.0\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (ASPI) -- C:\WINDOWS.0\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (irsir) -- C:\WINDOWS.0\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-839522115-1060284298-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-839522115-1060284298-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS.0\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.21 10:47:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.22 05:42:34 | 000,000,000 | ---D | M]
 
[2011.11.27 02:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.21 10:47:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.23 19:42:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 19:42:15 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-18..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-20..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA1] D:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA2] E:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA3] F:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA4] G:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA5] H:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA6] I:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA7] J:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA8] K:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPA9] L:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAa] M:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAb] N:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAc] O:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAd] P:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAe] Q:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAf] R:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAg] S:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAh] T:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAi] U:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAj] V:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAk] W:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAl] X:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAm] Y:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [AWPAn] Z:\OEM\KEYS\XP\XP_PRO\ANTIWPA.EXE File not found
O4 - HKU\S-1-5-21-839522115-1060284298-682003330-500..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1060284298-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS.0\system32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DDC40D9-5538-49AC-91DC-5E7DDC6ED235}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{119145B6-08E0-4905-BA54-9F548BEFFD75}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS.0\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.05 17:13:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.21 19:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.21 19:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
[2012.08.21 19:23:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2012.08.21 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.21 19:20:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL(1).exe
[2012.08.21 19:13:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS.0\CSC
[2012.08.21 18:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\igpwcyiyqxzevxn
[2012.08.15 05:04:06 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\localspl.dll
[2012.08.15 05:04:03 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\netapi32.dll
[2012.08.15 05:04:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\browser.dll
[2012.08.09 00:09:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.09 00:09:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Common Files
[2012.08.08 23:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Avira
[2012.08.08 23:03:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\ssmdrv.sys
[2012.08.08 23:03:16 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avipbb.sys
[2012.08.08 23:03:16 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntflt.sys
[2012.08.08 23:03:16 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avkmgr.sys
[2012.08.08 23:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.08.08 23:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
[9 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[5 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.21 20:53:55 | 000,433,224 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2012.08.21 20:53:55 | 000,067,798 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2012.08.21 20:49:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012.08.21 19:23:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 18:53:05 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\joxbzhknwkmleyj
[2012.08.21 18:52:59 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\btneuzoq.exe
[2012.08.21 18:27:00 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012.08.19 23:14:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL(1).exe
[2012.08.15 21:40:31 | 000,139,648 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2012.08.15 06:20:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS.0\imsins.BAK
[2012.08.15 04:27:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerApp.exe
[2012.08.15 04:27:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerCPLApp.cpl
[2012.08.14 22:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2012.08.13 01:42:07 | 000,001,230 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[9 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[5 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.21 19:23:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 18:53:05 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\btneuzoq.exe
[2012.08.21 18:53:00 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\joxbzhknwkmleyj
[2012.08.15 06:18:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS.0\imsins.BAK
[2012.02.16 06:43:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012.01.30 21:49:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[2011.04.14 17:47:10 | 000,281,760 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\atksgt.sys
[2011.04.14 17:47:09 | 000,025,888 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\lirsgt.sys
[2010.11.05 22:52:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\System32\Access.dat
[2010.10.04 05:54:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS.0\System32\ezsidmv.dat
[2010.09.28 10:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\HMHud.INI
[2010.09.06 07:41:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS.0\AviSplitter.INI
[2010.09.02 21:03:36 | 000,023,008 | -H-- | C] () -- C:\WINDOWS.0\System32\mlfcache.dat
[2010.08.30 21:41:20 | 000,004,857 | ---- | C] () -- C:\WINDOWS.0\Ascd_tmp.ini
[2010.08.30 21:41:19 | 000,010,288 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\ASUSHWIO.SYS
[2010.08.30 20:31:50 | 000,219,348 | ---- | C] () -- C:\WINDOWS.0\System32\atiicdxx.dat
[2010.08.30 20:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\ativpsrm.bin
[2010.08.30 20:19:10 | 000,003,948 | R--- | C] () -- C:\WINDOWS.0\System32\drivers\nvphy.bin
[2010.08.30 20:15:09 | 000,004,249 | ---- | C] () -- C:\WINDOWS.0\ODBCINST.INI
[2010.08.30 20:13:23 | 000,165,376 | ---- | C] () -- C:\WINDOWS.0\System32\unrar.dll
[2010.08.30 20:12:38 | 000,139,648 | ---- | C] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2010.08.30 19:27:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\nsreg.dat
[2010.08.30 19:25:32 | 000,887,724 | ---- | C] () -- C:\WINDOWS.0\System32\ativva6x.dat
[2010.08.30 19:25:32 | 000,000,003 | ---- | C] () -- C:\WINDOWS.0\System32\ativva5x.dat
[2010.08.30 19:10:54 | 000,015,312 | R--- | C] () -- C:\WINDOWS.0\System32\RaCoInst.dat
[2010.08.30 19:02:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS.0\bootstat.dat
[2010.08.30 18:53:14 | 000,235,008 | ---- | C] () -- C:\WINDOWS.0\System32\psisdecd.dll
[2010.08.30 18:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS.0\System32\emptyregdb.dat
[2010.08.30 18:37:13 | 000,020,992 | ---- | C] () -- C:\WINDOWS.0\System32\CabTool.exe
[2010.08.29 23:54:53 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\hngmfc.dat
 
========== LOP Check ==========
 
[2012.04.09 14:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HEM Data
[2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.07.11 18:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010.08.02 16:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010.06.24 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010.06.21 11:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010.06.08 11:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.07.11 13:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2010.06.05 19:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2010.06.16 19:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.08 11:30:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.11.09 20:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Boss Media
[2012.08.09 00:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Common Files
[2012.05.04 15:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\id Software
[2012.08.21 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\igpwcyiyqxzevxn
[2012.02.18 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Nitro PDF
[2012.08.09 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TechSmith
[2012.08.09 00:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TuneUp Software
[2010.11.05 05:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Tunngle
[2010.09.03 04:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\XHEO INC
[2011.09.14 14:08:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.08.09 00:09:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.08.30 19:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.08.30 20:34:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.16 05:06:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Ardian\Application Data\.#
[2010.08.28 23:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\HEM Data
[2010.07.11 18:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\id Software
[2010.06.05 17:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\Opera
[2010.07.04 04:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\postgresql
[2010.06.11 02:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\RayV
[2010.08.15 03:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\TeamViewer
[2010.06.21 02:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\TS3Client
[2010.06.08 11:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\TuneUp Software
[2010.07.13 01:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\Tunngle
[2010.08.28 02:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardian\Application Data\uTorrent
[2011.04.14 17:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Absolute Poker
[2012.02.18 16:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Downloaded Installations
[2011.04.01 22:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\DVDVideoSoftIEHelpers
[2011.07.15 19:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Garena
[2011.01.24 22:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\GetRightToGo
[2011.04.07 21:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\HEM Data
[2012.04.12 18:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\HoldemManager
[2011.10.31 23:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\id Software
[2011.09.12 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Leadertech
[2011.05.25 20:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\LolClient
[2012.02.18 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Nitro PDF
[2011.05.17 06:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Notepad++
[2010.12.02 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\OpenOffice.org
[2010.08.30 19:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Opera
[2012.08.21 19:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Orbit
[2010.09.28 10:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\postgresql
[2011.02.18 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Program Files
[2012.03.29 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\ProgSense
[2012.04.12 18:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Roaming
[2012.03.07 16:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TeamViewer
[2012.08.09 01:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TS3Client
[2012.08.09 00:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\TuneUp Software
[2010.11.05 05:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\Tunngle
[2012.08.19 23:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bubbah\Application Data\uTorrent
[2010.06.05 17:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\uTorrent
[2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User.WINDOWS.0\Application Data\uTorrent
[2011.09.21 14:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software
[2010.08.30 18:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\postgres\Application Data\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
How should I proceed now?

Many thanks for the help.
Regards
[Attached image: Bundespolizei Trojaner - Ihr Computer wurde gesperrt! + OTL Fehler (The event log file is corrupted.)-untitled.jpg]

21.08.2012, 22:06   #2
markusg
/// Malware-holic

hi
you are using an illegal Windows version:
antiwpa.dll
so the only help offered here is with a clean reinstall:
the PC has to be set up from scratch and then secured
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then say something about securing online banking with a chip card reader + StarMoney.

21.08.2012, 22:50   #3
bubbah1012

Well, that's a good start. As soon as I try to install TweakUI I get the attached error messages.
Choosing 'Ignore' doesn't help either.
I'm in Safe Mode with Networking.

Thanks again for the effort.
[Attached image: Bundespolizei Trojaner - Ihr Computer wurde gesperrt! + OTL Fehler (The event log file is corrupted.)-fehler.jpg]

22.08.2012, 17:28   #4
markusg
/// Malware-holic

then disable autorun manually
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us
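Disabling AutoRun by hand, as suggested in the reply above, comes down to the NoDriveTypeAutoRun policy value; the batch script below is an added example, not code from the thread or the board, and assumes it is run from an administrator account (for instance in Safe Mode).

```batch
@echo off
rem Added example, not from the thread: disable AutoRun for every drive type by policy.
rem NoDriveTypeAutoRun is a bitmask of drive types on which AutoRun is suppressed;
rem 255 (0xFF) sets every bit, so autorun.inf on USB sticks, CDs and network drives is ignored.
rem Assumes an administrator account: the machine-wide (HKLM) value takes precedence over HKCU.

set KEY=SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

rem Show the current, weaker setting, if one is stored, before changing it.
echo --- before ---
reg query "HKLM\%KEY%" /v NoDriveTypeAutoRun 2>nul || echo HKLM: NoDriveTypeAutoRun not set - Windows default applies
reg query "HKCU\%KEY%" /v NoDriveTypeAutoRun 2>nul || echo HKCU: NoDriveTypeAutoRun not set - Windows default applies

rem Hardened setting: machine-wide and for the current user.
reg add "HKLM\%KEY%" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
reg add "HKCU\%KEY%" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

rem Verify that the stored value is now 0xff in both hives before trusting the change.
echo --- after ---
reg query "HKLM\%KEY%" /v NoDriveTypeAutoRun
reg query "HKCU\%KEY%" /v NoDriveTypeAutoRun
```

Log off or reboot afterwards so Explorer re-reads the policy; the final reg query lines are the check that the value really landed in both hives.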
