| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.04.2010, 15:07
| #16 |
| /// Helfer-Team  |  Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi, ja sieht gut aus. Poste mir bitte ein neues OTL-Logfile, damit ich sehe, ob evtl. noch was aktiv ist. Dann sind wir so gut wie durch  |
|
28.04.2010, 17:29
| #17 |
 | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi,
__________________soll ich einen "normalen" OTL-Scan machen oder einen wie zuletzt und diesen einen Absatz einfügen? VG, Helli |
|
28.04.2010, 17:44
| #18 |
| /// Helfer-Team | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi,
__________________nein, einen ganz normalen Scan, so wie am Anfang. Es wird aber nur eine neue OTL.txt erstellt, keine Extras.txt
__________________ |
|
28.04.2010, 20:14
| #19 |
| | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi, hier ist die OTL.txt: OTL logfile created on: 28.04.2010 21:06:18 - Run 4 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,76 Gb Total Space | 6,12 Gb Free Space | 23,77% Space Free | Partition Type: FAT32 Drive D: | 26,97 Gb Total Space | 20,63 Gb Free Space | 76,48% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-A9CE03BBC6 Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\lxcycoms.exe ( ) PRC - C:\Programme\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink) PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe () PRC - C:\Programme\Launch Manager\LaunchAp.exe () PRC - C:\Programme\Launch Manager\OSDCtrl.exe () PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Programme\Launch Manager\Powerkey.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST) MOD - C:\WINDOWS\system32\MSNChatHook.dll () MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\MFC71DEU.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (lxcy_device) -- C:\WINDOWS\System32\lxcycoms.exe ( ) SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe () SRV - (CyberLink Media Library Service) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (Hotkey) -- C:\WINDOWS\system32\drivers\HOTKEY.sys () DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (POWERKEY) -- C:\Programme\Launch Manager\POWERKEY.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.26 14:45:36 | 000,000,000 | ---D | M] [2007.11.26 10:33:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe () O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL () O4 - HKLM..\Run: [lxcymon.exe] C:\Programme\Lexmark 3400 Series\lxcymon.exe () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PowerKey] C:\Programme\Launch Manager\PowerKey.exe () O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 83.169.186.97 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\AutoRun\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\explore\Command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\open\Command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.27 11:51:22 | 000,000,000 | ---D | C] -- C:\_OTL [2010.04.19 21:35:15 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.19 21:14:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.19 21:14:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.19 21:14:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.19 21:14:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.19 21:14:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.19 21:13:28 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\mbam-setup-1.45.exe [2010.04.19 20:06:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\HiJackThis.exe [2010.04.17 16:14:44 | 000,000,000 | ---D | C] -- C:\Programme\CDex [2010.04.17 16:13:54 | 008,697,544 | ---- | C] (Georgy Berdyshev) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CDex-win32-1.70-b4-2009.exe [2010.04.09 16:26:49 | 000,000,000 | ---D | C] -- C:\Programme\CamStudio [2010.03.31 12:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.03.18 12:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Temp [2010.02.25 15:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Temp [2009.06.22 12:29:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2009.05.22 11:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2007.04.15 11:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2007.01.25 11:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2007.01.25 11:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Google [2007.01.04 16:34:19 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll [2007.01.04 16:34:19 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll [2007.01.04 16:31:21 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll [2007.01.04 16:31:21 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll [2007.01.04 16:31:20 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll [2007.01.04 16:31:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll [2007.01.04 16:31:20 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll [2007.01.04 16:31:18 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll [2007.01.04 16:31:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll [2007.01.04 16:31:17 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll [2004.09.13 12:37:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2004.09.13 12:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2004.09.13 12:24:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2004.09.13 12:24:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft ========== Files - Modified Within 30 Days ========== [2010.04.28 21:06:14 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1802197209-1933737886-4094737418-1005.job [2010.04.28 21:06:14 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1802197209-1933737886-4094737418-1005.job [2010.04.28 20:20:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.04.28 13:17:38 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010.04.28 13:17:06 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml [2010.04.28 13:17:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.04.28 13:16:58 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.04.28 13:15:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.28 13:15:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.28 13:15:12 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys [2010.04.28 01:30:10 | 008,388,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.04.28 01:30:10 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.04.20 21:31:08 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\gzlpgcvz.exe [2010.04.19 22:51:50 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.19 22:32:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.04.19 21:35:24 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.19 21:13:44 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\mbam-setup-1.45.exe [2010.04.19 20:06:20 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\HiJackThis.exe [2010.04.17 16:13:56 | 008,697,544 | ---- | M] (Georgy Berdyshev) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CDex-win32-1.70-b4-2009.exe [2010.04.17 15:44:38 | 000,073,797 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\MDR-Volo.pdf [2010.04.14 00:47:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.04.09 16:26:56 | 000,000,569 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CamStudio.lnk [2010.04.09 16:26:34 | 001,364,995 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CamStudio20.exe [2010.04.06 14:42:26 | 000,001,617 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2010.03.30 20:09:50 | 000,001,037 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\MA-Aufgaben.rtf ========== Files Created - No Company Name ========== [2010.04.20 21:31:05 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\gzlpgcvz.exe [2010.04.17 15:44:36 | 000,073,797 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\MDR-Volo.pdf [2010.04.09 16:26:55 | 000,000,569 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CamStudio.lnk [2010.04.09 16:26:30 | 001,364,995 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CamStudio20.exe [2010.04.06 14:42:25 | 000,001,617 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2010.03.30 20:09:48 | 000,001,037 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\MA-Aufgaben.rtf [2010.02.02 23:30:59 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.07 23:53:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.11.26 00:55:20 | 000,000,063 | ---- | C] () -- C:\Dokumente und Einstellungen\***\jagex_runescape_preferences2.dat [2009.11.15 00:22:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009.10.27 20:42:50 | 000,003,690 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jmf-resource [2009.10.25 20:22:14 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2009.10.25 20:22:14 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009.08.28 17:36:35 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\***\jagex_runescape_preferences.dat [2009.06.20 21:04:18 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.11.19 00:15:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008.10.29 17:08:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2008.03.06 13:06:57 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.01.26 19:13:24 | 000,005,655 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Z [2008.01.25 18:33:31 | 000,000,012 | ---- | C] () -- C:\WINDOWS\SetDSL.ini [2008.01.25 18:19:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2007.09.13 02:24:36 | 000,000,172 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.06.08 14:39:10 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007.06.03 21:09:14 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2007.02.17 17:59:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Tcsofla.INI [2007.02.07 17:07:31 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.02.07 17:07:31 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll [2007.01.04 16:34:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll [2007.01.04 16:34:18 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll [2007.01.04 16:33:52 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll [2007.01.04 16:33:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll [2007.01.04 16:33:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll [2007.01.04 16:31:22 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll [2006.12.15 15:53:34 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2006.12.15 15:53:34 | 000,000,342 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2006.12.15 15:50:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2006.12.15 15:50:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll [2006.09.07 19:30:46 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.09.07 19:15:39 | 000,000,116 | ---- | C] () -- C:\Dokumente und Einstellungen\***\LuResult.txt [2006.06.16 16:33:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006.05.26 17:58:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.05.26 17:31:43 | 000,822,784 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll [2006.05.26 17:31:43 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\CryptoAPI.dll [2006.05.26 17:31:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Outlook Addin.dll [2006.05.26 17:31:43 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\keyManager.dll [2006.05.26 17:31:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LogSPWusage.dll [2006.05.26 17:31:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2006.05.26 17:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2006.05.26 17:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2006.05.26 17:31:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2006.05.26 17:31:43 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2006.05.26 17:30:53 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2006.05.26 17:28:02 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys [2006.05.26 17:24:51 | 000,007,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\launApp.log [2006.05.26 17:24:51 | 000,000,348 | ---- | C] () -- C:\Dokumente und Einstellungen\***\results.txt [2006.05.26 17:24:49 | 008,388,608 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2006.05.26 17:24:49 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.dat.LOG [2006.05.26 17:24:49 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2006.05.26 17:24:05 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT [2006.05.26 17:24:05 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG [2006.05.26 11:41:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005.12.06 10:51:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2005.07.05 08:09:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005.01.21 11:48:06 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll [2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2003.11.24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll [2003.11.24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll [2003.07.21 16:52:40 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll < End of report > VG, Helli |
|
28.04.2010, 20:36
| #20 |
| /// Helfer-Team | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi, ja, das Log sieht sauber aus. Kein Hinweis mehr auf Malware. Bitte abschließend einen Online-Scan durchführen: ESET Online Scanner
|
|
07.05.2010, 17:26
| #21 |
| | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi, hat etwas länger gedauert, aber hier ist es: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=1825645127cca147b93db8a65277c798 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-04-28 10:17:36 # local_time=2010-04-29 12:17:36 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775125 100 100 0 48003645 147318 0 # compatibility_mode=8192 67108863 100 0 161 161 0 0 # scanned=32031 # found=1 # cleaned=0 # scan_time=8337 C:\WINDOWS\system32\userinit.exe a variant of Win32/Kryptik.CEI trojan (unable to clean) 00000000000000000000000000000000 I # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=1825645127cca147b93db8a65277c798 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-05-02 10:15:15 # local_time=2010-05-03 12:15:15 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775125 100 100 0 48350184 25031 0 # compatibility_mode=8192 67108863 100 0 346700 346700 0 0 # scanned=51708 # found=1 # cleaned=0 # scan_time=7257 C:\WINDOWS\system32\userinit.exe a variant of Win32/Kryptik.CEI trojan (unable to clean) 00000000000000000000000000000000 I # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=1825645127cca147b93db8a65277c798 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-05-07 04:13:46 # local_time=2010-05-07 06:13:46 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775125 100 100 68793 48753041 254947 0 # compatibility_mode=8192 67108863 100 0 749557 749557 0 0 # scanned=110877 # found=5 # cleaned=4 # scan_time=14710 C:\WINDOWS\system32\userinit.exe a variant of Win32/Kryptik.CEI trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{20805B88-0A57-49FE-94C0-35B1D4357244}\RP732\A0106584.EXE a variant of Win32/Kryptik.DBC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{20805B88-0A57-49FE-94C0-35B1D4357244}\RP733\A0106883.EXE a variant of Win32/Kryptik.DBC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{20805B88-0A57-49FE-94C0-35B1D4357244}\RP719\A0105048.dll a variant of Win32/Kryptik.CLY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{20805B88-0A57-49FE-94C0-35B1D4357244}\RP727\A0106108.exe a variant of Win32/Kryptik.DCD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
|
15.05.2010, 10:14
| #22 |
| /// Helfer-Team | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi, sorry, dass ich mich so lange nicht gemeldet habe, ich hatte selbst einen Virus außerhalb des PCs  Die korrupte userinit.exe ist immer noch da zu sein. Erstelle mir bitte ein neues OTL-Logfile
|
|
15.05.2010, 16:47
| #23 |
| | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hallo, wenigstens ist dein Virus bekämpft.... Hier sind die Logfiles: Code:
ATTFilter OTL logfile created on: 15.05.2010 17:33:55 - Run 5 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,76 Gb Total Space | 6,34 Gb Free Space | 24,62% Space Free | Partition Type: FAT32 Drive D: | 26,97 Gb Total Space | 20,56 Gb Free Space | 76,23% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-A9CE03BBC6 Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\lxcycoms.exe ( ) PRC - C:\Programme\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink) PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe () PRC - C:\Programme\Launch Manager\LaunchAp.exe () PRC - C:\Programme\Launch Manager\OSDCtrl.exe () PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Programme\Launch Manager\Powerkey.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST) MOD - C:\WINDOWS\system32\MSNChatHook.dll () MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\MFC71DEU.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (lxcy_device) -- C:\WINDOWS\System32\lxcycoms.exe ( ) SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe () SRV - (CyberLink Media Library Service) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (Hotkey) -- C:\WINDOWS\system32\drivers\HOTKEY.sys () DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (POWERKEY) -- C:\Programme\Launch Manager\POWERKEY.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.26 14:45:36 | 000,000,000 | ---D | M] [2007.11.26 10:33:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe () O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL () O4 - HKLM..\Run: [lxcymon.exe] C:\Programme\Lexmark 3400 Series\lxcymon.exe () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PowerKey] C:\Programme\Launch Manager\PowerKey.exe () O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 83.169.186.97 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\AutoRun\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\explore\Command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\open\Command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.07 18:30:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\backups [2010.04.27 11:51:22 | 000,000,000 | ---D | C] -- C:\_OTL [2010.04.19 21:35:15 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.19 21:14:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.19 21:14:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.19 21:14:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.19 21:14:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.19 21:14:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.19 21:13:28 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\mbam-setup-1.45.exe [2010.04.19 20:06:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\HiJackThis.exe [2010.04.17 16:14:44 | 000,000,000 | ---D | C] -- C:\Programme\CDex [2010.04.17 16:13:54 | 008,697,544 | ---- | C] (Georgy Berdyshev) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CDex-win32-1.70-b4-2009.exe [2010.03.18 12:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Temp [2010.02.25 15:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Temp [2009.06.22 12:29:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2009.05.22 11:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2007.04.15 11:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2007.01.25 11:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2007.01.25 11:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Google [2007.01.04 16:34:19 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll [2007.01.04 16:34:19 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll [2007.01.04 16:31:21 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll [2007.01.04 16:31:21 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll [2007.01.04 16:31:20 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll [2007.01.04 16:31:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll [2007.01.04 16:31:20 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll [2007.01.04 16:31:18 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll [2007.01.04 16:31:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll [2007.01.04 16:31:17 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll [2004.09.13 12:37:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2004.09.13 12:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2004.09.13 12:24:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2004.09.13 12:24:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft ========== Files - Modified Within 30 Days ========== [2010.05.15 17:20:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.15 17:12:32 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010.05.15 17:12:02 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml [2010.05.15 17:11:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.15 17:11:56 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1802197209-1933737886-4094737418-1005.job [2010.05.15 17:11:54 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.15 16:55:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.15 16:55:24 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys [2010.05.15 16:55:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.15 02:34:08 | 008,388,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.15 02:34:08 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.05.15 02:33:56 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1802197209-1933737886-4094737418-1005.job [2010.05.14 19:11:54 | 000,000,017 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm [2010.05.14 19:03:42 | 000,000,356 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz [2010.05.14 19:03:42 | 000,000,342 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll [2010.05.14 19:03:42 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2010.04.20 21:31:08 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\gzlpgcvz.exe [2010.04.19 22:51:50 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.19 22:32:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.04.19 21:35:24 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.19 21:13:44 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\mbam-setup-1.45.exe [2010.04.19 20:06:20 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\HiJackThis.exe [2010.04.17 16:13:56 | 008,697,544 | ---- | M] (Georgy Berdyshev) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CDex-win32-1.70-b4-2009.exe ========== Files Created - No Company Name ========== [2010.05.13 02:31:11 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1802197209-1933737886-4094737418-1005.job [2010.04.20 21:31:05 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\gzlpgcvz.exe [2010.02.02 23:30:59 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.07 23:53:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.11.26 00:55:20 | 000,000,063 | ---- | C] () -- C:\Dokumente und Einstellungen\***\jagex_runescape_preferences2.dat [2009.11.15 00:22:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009.10.27 20:42:50 | 000,003,690 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jmf-resource [2009.10.25 20:22:14 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2009.10.25 20:22:14 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009.08.28 17:36:35 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\***\jagex_runescape_preferences.dat [2009.06.20 21:04:18 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.11.19 00:15:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008.10.29 17:08:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2008.03.06 13:06:57 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.01.26 19:13:24 | 000,005,655 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Z [2008.01.25 18:33:31 | 000,000,012 | ---- | C] () -- C:\WINDOWS\SetDSL.ini [2008.01.25 18:19:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2007.09.13 02:24:36 | 000,000,172 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.06.08 14:39:10 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007.06.03 21:09:14 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2007.02.17 17:59:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Tcsofla.INI [2007.02.07 17:07:31 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.02.07 17:07:31 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll [2007.01.04 16:34:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll [2007.01.04 16:34:18 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll [2007.01.04 16:33:52 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll [2007.01.04 16:33:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll [2007.01.04 16:33:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll [2007.01.04 16:31:22 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll [2006.12.15 15:53:34 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2006.12.15 15:53:34 | 000,000,342 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2006.12.15 15:50:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2006.12.15 15:50:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll [2006.09.07 19:30:46 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.09.07 19:15:39 | 000,000,116 | ---- | C] () -- C:\Dokumente und Einstellungen\***\LuResult.txt [2006.06.16 16:33:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006.05.26 17:58:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.05.26 17:31:43 | 000,822,784 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll [2006.05.26 17:31:43 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\CryptoAPI.dll [2006.05.26 17:31:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Outlook Addin.dll [2006.05.26 17:31:43 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\keyManager.dll [2006.05.26 17:31:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LogSPWusage.dll [2006.05.26 17:31:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2006.05.26 17:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2006.05.26 17:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2006.05.26 17:31:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2006.05.26 17:31:43 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2006.05.26 17:30:53 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2006.05.26 17:28:02 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys [2006.05.26 17:24:51 | 000,007,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\launApp.log [2006.05.26 17:24:51 | 000,000,348 | ---- | C] () -- C:\Dokumente und Einstellungen\***\results.txt [2006.05.26 17:24:49 | 008,388,608 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2006.05.26 17:24:49 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.dat.LOG [2006.05.26 17:24:49 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2006.05.26 17:24:05 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT [2006.05.26 17:24:05 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG [2006.05.26 11:41:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005.12.06 10:51:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2005.07.05 08:09:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005.01.21 11:48:06 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll [2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2003.11.24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll [2003.11.24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll [2003.07.21 16:52:40 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll ========== Custom Scans ========== < userinit.exe /s /md5 > [2004.08.04 05:00:00 | 000,025,088 | ---- | M] () MD5=D1E53DC57143F2584B1DD53B036C0633 -- \WINDOWS\$NtServicePackUninstall$\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] () MD5=788F95312E26389D596C0FA55834E106 -- \WINDOWS\ServicePackFiles\i386\userinit.exe [2010.03.10 17:14:50 | 000,056,832 | ---- | M] () MD5=00BC6DFD278A38E8C9F15EB555AFA53B -- \WINDOWS\system32\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] () MD5=788F95312E26389D596C0FA55834E106 -- \WINDOWS\system32\dllcache\userinit.exe < End of report > |
|
15.05.2010, 16:49
| #24 |
| | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Nummer 2: Code:
ATTFilter OTL Extras logfile created on: 15.05.2010 17:33:55 - Run 5
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,76 Gb Total Space | 6,34 Gb Free Space | 24,62% Space Free | Partition Type: FAT32
Drive D: | 26,97 Gb Total Space | 20,56 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-A9CE03BBC6
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\concept design\onlineTV 5\onlineTV.exe" = C:\Programme\concept design\onlineTV 5\onlineTV.exe:*:Enabled:onlineTV -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Disabled:AOL 9.0 -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"D:\Games\Anno 1701\Anno1701.exe" = D:\Games\Anno 1701\Anno1701.exe:*:Disabled:Anno 1701 -- File not found
"C:\Programme\concept design\onlineTV 5\onlineTV.exe" = C:\Programme\concept design\onlineTV 5\onlineTV.exe:*:Enabled:onlineTV -- File not found
"G:\Anno1404\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = G:\Anno1404\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web -- File not found
"D:\Civilization4.exe" = D:\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete -- (Firaxis Games)
"D:\Warlords\Civ4Warlords.exe" = D:\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"D:\Beyond the Sword\Civ4BeyondSword.exe" = D:\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword -- (Firaxis Games)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03440014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Enzyklopädie 2003
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = modem ADSL USB
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B136F351-BF1E-4948-9557-FA6524302ACA}" = SPSS 14.0 für Windows
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CBB25040-2D43-4868-930C-F08B812F2BF8}" = Acer eDataSecurity Management
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.9.3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.21
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"ePresentation" = Acer ePresentation Management
"getPlus(R)_ocx" = getPlus(R)_ocx
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"legacyqcam_10.51" = Logitech Legacy USB Camera-Treiberpaket
"Lexmark 3400 Series" = Lexmark 3400 Series
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.05.2010 12:43:03 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 13.05.2010 12:43:04 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 13.05.2010 12:43:04 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 13.05.2010 12:43:05 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 13.05.2010 12:43:05 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 13.05.2010 12:43:06 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 13.05.2010 12:43:06 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 13.05.2010 12:43:07 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 13.05.2010 12:43:07 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 14.05.2010 17:48:39 | Computer Name = ACER-A9CE03BBC6 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0xb9323240.
[ System Events ]
Error - 14.05.2010 07:58:14 | Computer Name = ACER-A9CE03BBC6 | Source = ipnathlp | ID = 32003
Description = Der Übersetzer für Netzwerkadressen (NAT) konnte keine Anfrage des
Übersetzungsmoduls des Kernelmodus stellen. Möglicherweise liegen eine falsche Konfiguration,
unzureichende Ressourcen oder ein interner Fehler vor. Die Daten enthalten den Fehlercode.
Error - 14.05.2010 11:00:35 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 14.05.2010 11:00:58 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 14.05.2010 11:00:58 | Computer Name = ACER-A9CE03BBC6 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1075" aufgetreten, als der Dienst "CLSched"
mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden:
{C4F585BE-012A-4F2D-9C27-B55897FC3DCE}
Error - 14.05.2010 16:23:12 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 14.05.2010 16:26:49 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 14.05.2010 16:26:49 | Computer Name = ACER-A9CE03BBC6 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1075" aufgetreten, als der Dienst "CLSched"
mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden:
{C4F585BE-012A-4F2D-9C27-B55897FC3DCE}
Error - 15.05.2010 10:55:41 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 15.05.2010 11:12:24 | Computer Name = ACER-A9CE03BBC6 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1075" aufgetreten, als der Dienst "CLSched"
mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden:
{C4F585BE-012A-4F2D-9C27-B55897FC3DCE}
Error - 15.05.2010 11:12:24 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
< End of report >
|
|
17.05.2010, 20:11
| #25 |
| /// Helfer-Team | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi, bitte folgendes mit OTL fixen:
Code:
ATTFilter :files
C:\WINDOWS\System32\servdat.slm
C:\WINDOWS\System32\lsprst7.tgz
C:\WINDOWS\System32\lsprst7.dll
C:\WINDOWS\System32\ssprs.tgz
C:\WINDOWS\system32\userinit.exe|C:\WINDOWS\system32\dllcache\userinit.exe /replace
:commands
[emptytemp]
[emptyflash]
[reboot]
Erstelle mir danach bitte ein neues OTL-Logfile. Geändert von StLB (17.05.2010 um 20:16 Uhr) |
|
17.05.2010, 22:20
| #26 |
| | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hallo, bitteschön...  mal eine generelle Frage: Wie ist denn der Stand der Lage? Gibt es auf diesem Weg überhaupt Hoffnung auf Erfolg? All processes killed ========== FILES ========== C:\WINDOWS\System32\servdat.slm moved successfully. C:\WINDOWS\System32\lsprst7.tgz moved successfully. C:\WINDOWS\System32\lsprst7.dll moved successfully. C:\WINDOWS\System32\ssprs.tgz moved successfully. File C:\WINDOWS\system32\userinit.exe successfully replaced with C:\WINDOWS\system32\dllcache\userinit.exe ========== COMMANDS ========== [EMPTYTEMP] User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 3321144 bytes ->Temporary Internet Files folder emptied: 649851179 bytes ->Java cache emptied: 24237387 bytes ->Flash cache emptied: 72699 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 127603 bytes RecycleBin emptied: 9571717 bytes Total Files Cleaned = 655,00 mb [EMPTYFLASH] User: Default User User: All Users User: NetworkService User: LocalService ->Flash cache emptied: 0 bytes User: *** ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.1.3 log created on 05172010_231249 Files\Folders moved on Reboot... C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\in36.tmp moved successfully. Registry entries deleted on Reboot... |
|
18.05.2010, 13:14
| #27 |
| /// Helfer-Team | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi, OTL hat die korrupte userinit.exe scheinbar ersetzen können. Wenn das wirklich der Fall ist, steht es auf jeden Fall nicht schlecht um Deinen Rechner. Bitte folgenden Schritt von oben wiederholen:
|
|
18.05.2010, 22:00
| #28 |
| | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hallo, na dann kann ich wohl nur hoffen... :P hier sind nochmal die Logfiles: Code:
ATTFilter OTL logfile created on: 18.05.2010 22:49:05 - Run 6 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,76 Gb Total Space | 6,67 Gb Free Space | 25,89% Space Free | Partition Type: FAT32 Drive D: | 26,97 Gb Total Space | 20,56 Gb Free Space | 76,23% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-A9CE03BBC6 Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\lxcycoms.exe ( ) PRC - C:\Programme\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink) PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe () PRC - C:\Programme\Launch Manager\LaunchAp.exe () PRC - C:\Programme\Launch Manager\OSDCtrl.exe () PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Programme\Launch Manager\Powerkey.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST) MOD - C:\WINDOWS\system32\MSNChatHook.dll () MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\MFC71DEU.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (lxcy_device) -- C:\WINDOWS\System32\lxcycoms.exe ( ) SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe () SRV - (CyberLink Media Library Service) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (Hotkey) -- C:\WINDOWS\system32\drivers\HOTKEY.sys () DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (POWERKEY) -- C:\Programme\Launch Manager\POWERKEY.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.26 14:45:36 | 000,000,000 | ---D | M] [2007.11.26 10:33:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST) O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe () O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL () O4 - HKLM..\Run: [lxcymon.exe] C:\Programme\Lexmark 3400 Series\lxcymon.exe () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PowerKey] C:\Programme\Launch Manager\PowerKey.exe () O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 83.169.186.97 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\AutoRun\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\explore\Command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{2c58885e-9616-11dc-ac9e-0016ce2c743e}\Shell\open\Command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.07 18:30:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\backups [2010.04.27 11:51:22 | 000,000,000 | ---D | C] -- C:\_OTL [2010.04.19 21:35:15 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.19 21:14:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.19 21:14:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.19 21:14:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.19 21:14:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.19 21:14:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.19 21:13:28 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\mbam-setup-1.45.exe [2010.04.19 20:06:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\HiJackThis.exe [2010.03.18 12:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Temp [2010.02.25 15:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Temp [2009.06.22 12:29:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2009.05.22 11:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2007.04.15 11:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2007.01.25 11:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2007.01.25 11:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Google [2007.01.04 16:34:19 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll [2007.01.04 16:34:19 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll [2007.01.04 16:31:21 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll [2007.01.04 16:31:21 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll [2007.01.04 16:31:20 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll [2007.01.04 16:31:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll [2007.01.04 16:31:20 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll [2007.01.04 16:31:18 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll [2007.01.04 16:31:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll [2007.01.04 16:31:17 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll [2004.09.13 12:37:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2004.09.13 12:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2004.09.13 12:24:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2004.09.13 12:24:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft ========== Files - Modified Within 30 Days ========== [2010.05.18 22:49:04 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1802197209-1933737886-4094737418-1005.job [2010.05.18 22:49:04 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1802197209-1933737886-4094737418-1005.job [2010.05.18 22:20:06 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.18 22:07:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.18 22:07:04 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010.05.18 22:06:24 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.18 22:06:24 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml [2010.05.18 22:06:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.18 22:06:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.18 22:06:10 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys [2010.05.18 20:21:30 | 008,388,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.18 20:21:30 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.05.18 19:14:44 | 002,006,587 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\2005_Nachrichtenmedien.pdf [2010.04.20 21:31:08 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\gzlpgcvz.exe [2010.04.19 22:51:50 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.19 22:32:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.04.19 21:35:24 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.19 21:13:44 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\mbam-setup-1.45.exe [2010.04.19 20:06:20 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\HiJackThis.exe ========== Files Created - No Company Name ========== [2010.05.18 19:14:43 | 002,006,587 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\2005_Nachrichtenmedien.pdf [2010.05.13 02:31:11 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1802197209-1933737886-4094737418-1005.job [2010.04.20 21:31:05 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\gzlpgcvz.exe [2010.02.02 23:30:59 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.07 23:53:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.11.26 00:55:20 | 000,000,063 | ---- | C] () -- C:\Dokumente und Einstellungen\***\jagex_runescape_preferences2.dat [2009.11.15 00:22:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009.10.27 20:42:50 | 000,003,690 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jmf-resource [2009.10.25 20:22:14 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2009.10.25 20:22:14 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009.08.28 17:36:35 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\***\jagex_runescape_preferences.dat [2009.06.20 21:04:18 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.11.19 00:15:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008.10.29 17:08:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2008.03.06 13:06:57 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.01.26 19:13:24 | 000,005,655 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Z [2008.01.25 18:33:31 | 000,000,012 | ---- | C] () -- C:\WINDOWS\SetDSL.ini [2008.01.25 18:19:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2007.09.13 02:24:36 | 000,000,172 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.06.08 14:39:10 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007.06.03 21:09:14 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2007.02.17 17:59:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Tcsofla.INI [2007.02.07 17:07:31 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.02.07 17:07:31 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll [2007.01.04 16:34:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll [2007.01.04 16:34:18 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll [2007.01.04 16:33:52 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll [2007.01.04 16:33:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll [2007.01.04 16:33:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll [2007.01.04 16:31:22 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll [2006.12.15 15:53:34 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2006.12.15 15:50:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2006.12.15 15:50:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll [2006.12.15 15:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll [2006.09.07 19:30:46 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.09.07 19:15:39 | 000,000,116 | ---- | C] () -- C:\Dokumente und Einstellungen\***\LuResult.txt [2006.06.16 16:33:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006.05.26 17:58:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.05.26 17:31:43 | 000,822,784 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll [2006.05.26 17:31:43 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\CryptoAPI.dll [2006.05.26 17:31:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Outlook Addin.dll [2006.05.26 17:31:43 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\keyManager.dll [2006.05.26 17:31:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LogSPWusage.dll [2006.05.26 17:31:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2006.05.26 17:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2006.05.26 17:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2006.05.26 17:31:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2006.05.26 17:31:43 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2006.05.26 17:30:53 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2006.05.26 17:28:02 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys [2006.05.26 17:24:51 | 000,007,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\launApp.log [2006.05.26 17:24:51 | 000,000,348 | ---- | C] () -- C:\Dokumente und Einstellungen\***\results.txt [2006.05.26 17:24:49 | 008,388,608 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2006.05.26 17:24:49 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.dat.LOG [2006.05.26 17:24:49 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2006.05.26 17:24:05 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT [2006.05.26 17:24:05 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG [2006.05.26 11:41:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005.12.06 10:51:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2005.07.05 08:09:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005.01.21 11:48:06 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll [2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2003.11.24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll [2003.11.24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll [2003.07.21 16:52:40 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll ========== Custom Scans ========== < userinit.exe /s /md5 > [2004.08.04 05:00:00 | 000,025,088 | ---- | M] () MD5=D1E53DC57143F2584B1DD53B036C0633 -- \WINDOWS\$NtServicePackUninstall$\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] () MD5=788F95312E26389D596C0FA55834E106 -- \WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] () MD5=788F95312E26389D596C0FA55834E106 -- \WINDOWS\system32\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] () MD5=788F95312E26389D596C0FA55834E106 -- \WINDOWS\system32\dllcache\userinit.exe < End of report > |
|
18.05.2010, 22:03
| #29 |
| | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Und Nummer zwei... Code:
ATTFilter OTL Extras logfile created on: 18.05.2010 22:49:05 - Run 6
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,76 Gb Total Space | 6,67 Gb Free Space | 25,89% Space Free | Partition Type: FAT32
Drive D: | 26,97 Gb Total Space | 20,56 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-A9CE03BBC6
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\concept design\onlineTV 5\onlineTV.exe" = C:\Programme\concept design\onlineTV 5\onlineTV.exe:*:Enabled:onlineTV -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Disabled:AOL 9.0 -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"D:\Games\Anno 1701\Anno1701.exe" = D:\Games\Anno 1701\Anno1701.exe:*:Disabled:Anno 1701 -- File not found
"C:\Programme\concept design\onlineTV 5\onlineTV.exe" = C:\Programme\concept design\onlineTV 5\onlineTV.exe:*:Enabled:onlineTV -- File not found
"G:\Anno1404\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = G:\Anno1404\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web -- File not found
"D:\Civilization4.exe" = D:\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete -- (Firaxis Games)
"D:\Warlords\Civ4Warlords.exe" = D:\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"D:\Beyond the Sword\Civ4BeyondSword.exe" = D:\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword -- (Firaxis Games)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03440014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Enzyklopädie 2003
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = modem ADSL USB
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B136F351-BF1E-4948-9557-FA6524302ACA}" = SPSS 14.0 für Windows
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CBB25040-2D43-4868-930C-F08B812F2BF8}" = Acer eDataSecurity Management
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.9.3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.21
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"ePresentation" = Acer ePresentation Management
"getPlus(R)_ocx" = getPlus(R)_ocx
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"legacyqcam_10.51" = Logitech Legacy USB Camera-Treiberpaket
"Lexmark 3400 Series" = Lexmark 3400 Series
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.05.2010 09:25:27 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 09:25:28 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 09:25:28 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 09:25:29 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 09:25:29 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 09:25:30 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 09:25:30 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 09:25:31 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 09:25:31 | Computer Name = ACER-A9CE03BBC6 | Source = SecureW2 | ID = 703
Description =
Error - 18.05.2010 16:20:05 | Computer Name = ACER-A9CE03BBC6 | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 17.05.2010 17:12:50 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 17.05.2010 17:16:43 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 17.05.2010 17:17:02 | Computer Name = ACER-A9CE03BBC6 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1075" aufgetreten, als der Dienst "CLSched"
mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden:
{C4F585BE-012A-4F2D-9C27-B55897FC3DCE}
Error - 17.05.2010 17:17:02 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 18.05.2010 09:24:19 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 18.05.2010 09:24:33 | Computer Name = ACER-A9CE03BBC6 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1075" aufgetreten, als der Dienst "CLSched"
mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden:
{C4F585BE-012A-4F2D-9C27-B55897FC3DCE}
Error - 18.05.2010 09:24:33 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 18.05.2010 16:06:49 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
Error - 18.05.2010 16:06:55 | Computer Name = ACER-A9CE03BBC6 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1075" aufgetreten, als der Dienst "CLSched"
mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden:
{C4F585BE-012A-4F2D-9C27-B55897FC3DCE}
Error - 18.05.2010 16:06:56 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist von folgendem, nicht
vorhandenem Dienst abhängig: CLCapSvc
< End of report >
|
|
19.05.2010, 11:56
| #30 |
| /// Helfer-Team | Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? Hi, ja, jetzt haben wir ihn Mach bitte noch einen Kontrollscan mit SUPERAntiSpyware um sicherzugehen, dass er wirklich weg ist. |
|
| Themen zu Trojaner TR/Dropper.Gen in C:\\windows\system32\sdra64.exe - was muss ich tun? |
| adobe, antivir, antivir guard, avira, bho, desktop, dropper.gen, einstellungen, excel, explorer, google, gupdate, helper, hijack, hkus\s-1-5-18, internet, internet explorer, kommt immer wieder, launch, logfile, pdf, plug-in, problem, rundll, software, system, tr/dropper.gen, trojaner, windows, windows xp |
Textbox.
.
Linear-Darstellung
