50 € Virus: Malwarebytes gelaufen, fehlt noch OTR

dumdidum123 · 14.02.2012, 20:32

Hallo,
Ich habe mir ebenfalls den 50€-Virus eingefangen.
Daraufhin habe ich den anderen Eintraegen hier im Forum gefolgt, Malwarebytes installiert und das Programm laufen lassen. (Einige Viren wurden gefunden und geloescht.)
Soweit funktioniert der PC wieder, aber es scheint, dass die Sache mit der OTR.exe doch noch von Wichtigkeit ist, darum habe ich das nun auch ausgefuehrt.

Es folgen die Ausgabedateien von OTR.exe.

Vielen Dank fuer die Hilfe im Voraus!

Gruss,
Sebastian

cosinus · 14.02.2012, 22:39

Zitat:

Malwarebytes installiert und das Programm laufen lassen. (Einige Viren wurden gefunden und geloescht.)

Ohne Logs wird das hier nichts.

Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

dumdidum123 · 15.02.2012, 18:07

OK! Dann zunaechst die LogDatei von Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.14.05

Windows XP Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Administrador :: COLOSSUS [Administrator]

Schutz: Deaktiviert

14/02/2012 07:31:21 p.m.
mbam-log-2012-02-14 (19-31-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 168584
Laufzeit: 2 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Zbot.CBCGen) -> Daten: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Mozilla\Firefox\firefox.exe (Trojan.Zbot.CBCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Documents and Settings\Administrador\Configuración local\Temp\ms0cfg32.exe (Trojan.Zbot.CBCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

dumdidum123 · 15.02.2012, 18:12

Und die beiden von OTR.exe:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14/02/2012 08:22:22 p.m. - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\03 - DOWNLOADS
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
 
1015,36 Mb Total Physical Memory | 189,86 Mb Available Physical Memory | 18,70% Memory free
2,38 Gb Paging File | 1,53 Gb Available in Paging File | 64,21% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298,08 Gb Total Space | 77,08 Gb Free Space | 25,86% Space Free | Partition Type: NTFS
Drive D: | 181,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: COLOSSUS | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\03 - DOWNLOADS\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Maxthon3\Modules\MxMiniThunder\ThunderMini.exe (深圳市迅雷网络技术有限公司)
PRC - C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()
MOD - C:\Archivos de programa\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Archivos de programa\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Archivos de programa\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Archivos de programa\Maxthon3\Core\Webkit\Npplugins\NPSWF32.dll ()
MOD - C:\Archivos de programa\Maxthon3\Modules\MxMiniThunder\sqlite3.dll ()
MOD - C:\Archivos de programa\Maxthon3\Modules\MxMiniThunder\libpng13.dll ()
MOD - C:\Archivos de programa\Maxthon3\Modules\MxMiniThunder\zlib1.dll ()
MOD - C:\Archivos de programa\Maxthon3\Core\Webkit\avcodec-52.dll ()
MOD - C:\Archivos de programa\Maxthon3\Core\Webkit\avformat-52.dll ()
MOD - C:\Archivos de programa\Maxthon3\Core\Webkit\avutil-50.dll ()
MOD - C:\Archivos de programa\Maxthon3\Bin\Maxzlib.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (odserv) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Autodesk Licensing Service) -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccess) -- C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe ()
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www2.elearning.rwth-aachen.de/foyer/summary/default.aspx"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Archivos de programa\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Archivos de programa\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/02/13 19:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/07/06 22:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Thunderbird\components [2011/11/13 23:18:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Thunderbird\plugins
 
[2011/05/04 05:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions
[2011/05/04 05:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/28 21:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\l9mhmyy1.default\extensions
[2011/11/10 09:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\L9MHMYY1.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012/02/13 19:08:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/06/10 00:05:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/19 18:17:12 | 000,001,392 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/19 18:17:12 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/10/19 18:17:12 | 000,001,153 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/19 18:17:12 | 000,006,805 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/19 18:17:12 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/19 18:17:12 | 000,001,105 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001/08/24 11:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Archivos de programa\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\phase6_17_erinnerung.lnk = C:\Archivos de programa\phase6\phase6_17\WinStart\WinStart.exe (phase6)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - C:\Archivos de programa\CADE Pro 2.20.3\Web\new.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{986B2E01-10CC-4FBE-99ED-D447DD6A6E1D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 10:13:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{653305d8-a98f-11e0-83a2-001a732d7799}\Shell - "" = AutoRun
O33 - MountPoints2\{653305d8-a98f-11e0-83a2-001a732d7799}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{653305dc-a98f-11e0-83a2-001a732d7799}\Shell - "" = AutoRun
O33 - MountPoints2\{653305dc-a98f-11e0-83a2-001a732d7799}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a698dfe2-87e9-11e0-8376-001a732d7799}\Shell - "" = AutoRun
O33 - MountPoints2\{a698dfe2-87e9-11e0-8376-001a732d7799}\Shell\AutoRun\command - "" = E:\PcOptions.exe
O33 - MountPoints2\{b5251992-abc8-11e0-83a4-001a732d7799}\Shell - "" = AutoRun
O33 - MountPoints2\{b5251992-abc8-11e0-83a4-001a732d7799}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f13de8b0-a730-11e0-839e-001a732d7799}\Shell\AutoRun\command - "" = E:\Gear.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/14 19:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
[2012/02/14 19:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/02/14 19:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/02/14 19:27:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/14 19:27:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/02/14 19:24:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/02/14 02:33:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\Recent
[2012/02/11 13:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Avira
[2012/02/09 21:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\runic games
[2012/02/09 21:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Torchlight
[2012/02/09 21:35:32 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Runic Games
[2012/02/09 21:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Runic
[2012/02/06 22:52:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Lighthouse Interactive
[2012/02/06 18:41:10 | 000,000,000 | ---D | C] -- C:\Sierra
[2012/02/06 18:37:25 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
[2012/02/02 20:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\riotsGamesLogs
[2012/02/02 20:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\LolClient
[2012/02/02 17:58:21 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2012/02/02 17:58:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2012/02/02 17:58:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2012/02/02 17:58:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2012/02/02 17:58:17 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2012/02/02 17:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/02/02 17:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Riot Games
[2012/02/02 17:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\PMB Files
[2012/02/02 17:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\PMB Files
[2012/02/02 17:07:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Pando Networks
[2012/01/29 18:16:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\iMesh Applications
[2012/01/29 18:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\iMesh
[2012/01/29 18:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\iMesh
[2012/01/29 18:16:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Datos de programa\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
[2012/01/29 18:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\PackageAware
[2012/01/20 12:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CADE
[2012/01/20 12:45:02 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CADE Pro 2.20.3
[2012/01/20 12:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\AutoDWG
[2012/01/20 12:39:08 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AutoDWG
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/14 19:50:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/14 19:49:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/06 22:55:18 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2012/01/25 16:47:49 | 000,509,168 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2012/01/25 16:47:49 | 000,445,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/25 16:47:49 | 000,092,334 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2012/01/25 16:47:49 | 000,072,688 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/20 19:11:02 | 000,260,531 | ---- | C] () -- C:\WINDOWS\pdfcvt.dat
[2011/08/24 15:49:11 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/07/04 21:08:26 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 20:10:55 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011/06/10 03:57:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/06/10 03:57:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011/05/12 22:38:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/11 00:46:19 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/10 06:33:41 | 000,337,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2011/05/07 18:39:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/06 16:47:03 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat
[2011/05/04 04:39:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/03 14:41:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/03 14:17:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/05/03 10:33:14 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/05/03 10:33:14 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/03 10:14:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 10:13:52 | 000,324,608 | ---- | C] () -- C:\WINDOWS\System32\wget.exe
[2011/05/03 10:13:52 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\win-get.exe
[2011/05/03 10:13:52 | 000,313,856 | ---- | C] () -- C:\WINDOWS\System32\rar.exe
[2011/05/03 10:13:52 | 000,026,013 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe
[2011/05/03 10:13:52 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\delage32.exe
[2011/05/03 10:13:52 | 000,005,447 | ---- | C] () -- C:\WINDOWS\System32\choice.com
[2011/05/03 10:13:52 | 000,000,209 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/05/03 10:10:05 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/03 06:04:40 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 05:57:55 | 000,348,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/24 13:35:54 | 000,000,582 | ---- | C] () -- C:\WINDOWS\TipGlobal70.ini
[2004/08/19 18:58:52 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/24 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/24 11:00:00 | 000,509,168 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2001/08/24 11:00:00 | 000,445,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/24 11:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2001/08/24 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/24 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/24 11:00:00 | 000,092,334 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2001/08/24 11:00:00 | 000,072,688 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/24 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/24 11:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2001/08/24 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/24 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

< End of report >

--- --- ---
[/code]

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 14/02/2012 08:22:22 p.m. - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\03 - DOWNLOADS
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
 
1015,36 Mb Total Physical Memory | 189,86 Mb Available Physical Memory | 18,70% Memory free
2,38 Gb Paging File | 1,53 Gb Available in Paging File | 64,21% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298,08 Gb Total Space | 77,08 Gb Free Space | 25,86% Space Free | Partition Type: NTFS
Drive D: | 181,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: COLOSSUS | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Max3.Association.HTML] -- C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)
.url [@ = InternetShortcut] -- C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.)
http [open] -- "C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.)
https [open] -- "C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.)
InternetShortcut [open] -- "C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58879:TCP" = 58879:TCP:*:Enabled:Pando Media Booster
"58879:UDP" = 58879:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"58879:TCP" = 58879:TCP:*:Enabled:Pando Media Booster
"58879:UDP" = 58879:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\iMesh Applications\iMesh\iMesh.exe" = C:\Archivos de programa\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe" = C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Winamp\winamp.exe" = C:\Archivos de programa\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft)
"C:\Archivos de programa\iMesh Applications\iMesh\iMesh.exe" = C:\Archivos de programa\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe" = C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D050176-09B9-437C-9E9C-B3E84614D32E}" = CADE Pro 2.20.3
"{103906AD-C60E-4E65-BC84-CE980D19CE41}" = Adobe Shockwave Player
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D4B689-722A-413B-BC6E-8ACA8C1E8636}" = Foxit Reader
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Spanish) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROPLUS_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROPLUS_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROPLUS_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROPLUS_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROPLUS_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A02F2188-4962-4E1A-BB0D-5982774361D7}" = DGN to DWG Converter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1034-7B44-A81000000003}" = Adobe Reader 8.1.1 - Español
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE69B1E5-F275-45E5-BF09-D8652446407A}" = Bentley WaterCAD V8 XM 08.09.400.34
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19977DD-4A51-4F26-8200-E3A6F67C2350}" = Tipos 7.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}" = Windows Vista Sounds Pack
"{EFFE151C-F863-4B1E-9E22-3C1369B4C690}" = phase6_17
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Any DWG to PDF Converter_is1" = Any DWG to PDF Converter 2010
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Banda Ancha Movil" = Banda Ancha Movil
"Canon MP490 series Benutzerregistrierung" = Canon MP490 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"DirSync" = DirSync UNICODE  2.93
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Fallout Tactics" = Fallout Tactics
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.02" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"InstallShield_{C19977DD-4A51-4F26-8200-E3A6F67C2350}" = Tipos 7.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Basic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Maxthon3" = Maxthon 3
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Mozilla Thunderbird 10.0.1 (x86 de)" = Mozilla Thunderbird 10.0.1 (x86 de)
"Nero8Lite_is1" = Nero 8 Lite 8.2.8.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"QuicktimeAlt_is1" = QuickTime Alternative 2.2.0
"RealAlt_is1" = Real Alternative 1.7.5
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Runic Games Torchlight" = Torchlight
"Songr" = Songr
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinRAR archiver" = Compresor WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04/06/2011 08:53:53 p.m. | Computer Name = COLOSSUS | Source = Application Error | ID = 1000
Description = Aplicación con errores: winamp.exe, versión: 5.5.1.1763, módulo con
 error: in_wm.dll, versión 0.0.0.0, dirección de error 0x000025ad.
 
Error - 04/06/2011 08:54:22 p.m. | Computer Name = COLOSSUS | Source = Application Error | ID = 1000
Description = Aplicación con errores: winamp.exe, versión: 5.5.1.1763, módulo con
 error: in_wm.dll, versión 0.0.0.0, dirección de error 0x000025ad.
 
Error - 04/06/2011 08:54:34 p.m. | Computer Name = COLOSSUS | Source = Application Error | ID = 1000
Description = Aplicación con errores: winamp.exe, versión: 5.5.1.1763, módulo con
 error: in_wm.dll, versión 0.0.0.0, dirección de error 0x000025ad.
 
Error - 04/06/2011 08:54:49 p.m. | Computer Name = COLOSSUS | Source = Application Error | ID = 1000
Description = Aplicación con errores: winamp.exe, versión: 5.5.1.1763, módulo con
 error: in_wm.dll, versión 0.0.0.0, dirección de error 0x000025ad.
 
Error - 05/06/2011 04:13:35 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099
Description = Error al abrir el servicio.
 
Error - 05/06/2011 04:13:44 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099
Description = Error al abrir el servicio.
 
Error - 05/06/2011 04:13:45 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099
Description = Error al abrir el servicio.
 
Error - 05/06/2011 04:13:46 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099
Description = Error al abrir el servicio.
 
Error - 05/06/2011 04:13:48 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099
Description = Error al abrir el servicio.
 
Error - 05/06/2011 04:13:49 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099
Description = Error al abrir el servicio.
 
[ System Events ]
Error - 10/02/2012 10:26:18 a.m. | Computer Name = COLOSSUS | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 134.61.93.69 para la tarjeta de red
 con la dirección de red 001A732D7799 ha sido  denegada por el servidor DHCP 192.168.2.1
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 11/02/2012 08:08:29 a.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7009
Description = Intervalo de espera (30000 ms.) para la conexión con el servicio Servicio
 COM de grabación de CD de IMAPI.
 
Error - 11/02/2012 08:08:29 a.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7000
Description = El servicio Servicio COM de grabación de CD de IMAPI no pudo iniciarse
 debido al siguiente error:   %%1053
 
Error - 11/02/2012 08:08:29 a.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7011
Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
 servicio RasAuto.
 
Error - 11/02/2012 08:54:10 a.m. | Computer Name = COLOSSUS | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 192.168.2.100 para la tarjeta de red
 con la dirección de red 001A732D7799 ha sido  denegada por el servidor DHCP 137.226.33.41
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 11/02/2012 01:34:06 p.m. | Computer Name = COLOSSUS | Source = Dhcp | ID = 1000
Description = Su equipo ha perdido la concesión de su dirección IP 134.61.93.69 
en la  tarjeta de red con dirección de red 001A732D7799.
 
Error - 12/02/2012 04:38:50 a.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7011
Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
 servicio stisvc.
 
Error - 14/02/2012 02:24:50 p.m. | Computer Name = COLOSSUS | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio 
EventSystem con argumentos ""  para ejecutar el servidor:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 14/02/2012 02:26:06 p.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7026
Description = El controlador de inicialización siguiente no se cargó correctamente:
   avgio  avipbb  Fips  intelppm  ssmdrv
 
Error - 14/02/2012 02:48:49 p.m. | Computer Name = COLOSSUS | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio 
EventSystem con argumentos ""  para ejecutar el servidor:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >

--- --- ---
[/code]

cosinus · 15.02.2012, 19:10

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

dumdidum123 · 18.02.2012, 18:52

Hier der vollstaendige Suchlauf:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.14.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrador :: COLOSSUS [Administrator]

Schutz: Aktiviert

15/02/2012 08:39:43 p.m.
mbam-log-2012-02-15 (20-39-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288938
Laufzeit: 1 Stunde(n), 33 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\MY PASSPORT\06 - SOFTWARE\acad 2009\Crack\xf-acad9-32-BITS.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\79_iexplore.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\ie7\iexplore.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und die log-Datei von ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=399008bfb8e6b14d8357cf2ac5b36bff
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-17 07:13:10
# local_time=2012-02-17 08:13:10 (+0100, Hora estándar de Europa Occ.)
# country="Argentina"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=crash
# scanned=120256
# found=0
# cleaned=0
# scan_time=6082

cosinus · 19.02.2012, 18:51

Zitat:

C:\MY PASSPORT\06 - SOFTWARE\acad 2009\Crack\xf-acad9-32-BITS.exe (RiskWare.Tool.HCK)

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials

dumdidum123 · 20.02.2012, 18:12

Kein Ding!
Trotzdem Danke! =)

50 € Virus: Malwarebytes gelaufen, fehlt noch OTR

Log-Analyse und Auswertung: 50 € Virus: Malwarebytes gelaufen, fehlt noch OTR