|
Log-Analyse und Auswertung: 50 € Virus: Malwarebytes gelaufen, fehlt noch OTRWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.02.2012, 20:32 | #1 |
| 50 € Virus: Malwarebytes gelaufen, fehlt noch OTR Hallo, Ich habe mir ebenfalls den 50€-Virus eingefangen. Daraufhin habe ich den anderen Eintraegen hier im Forum gefolgt, Malwarebytes installiert und das Programm laufen lassen. (Einige Viren wurden gefunden und geloescht.) Soweit funktioniert der PC wieder, aber es scheint, dass die Sache mit der OTR.exe doch noch von Wichtigkeit ist, darum habe ich das nun auch ausgefuehrt. Es folgen die Ausgabedateien von OTR.exe. Vielen Dank fuer die Hilfe im Voraus! Gruss, Sebastian |
14.02.2012, 22:39 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 € Virus: Malwarebytes gelaufen, fehlt noch OTRZitat:
Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
15.02.2012, 18:07 | #3 |
| 50 € Virus: Malwarebytes gelaufen, fehlt noch OTR OK! Dann zunaechst die LogDatei von Malwarebytes:
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.14.05 Windows XP Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.6001.18702 Administrador :: COLOSSUS [Administrator] Schutz: Deaktiviert 14/02/2012 07:31:21 p.m. mbam-log-2012-02-14 (19-31-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 168584 Laufzeit: 2 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Zbot.CBCGen) -> Daten: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Mozilla\Firefox\firefox.exe (Trojan.Zbot.CBCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Administrador\Configuración local\Temp\ms0cfg32.exe (Trojan.Zbot.CBCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
15.02.2012, 18:12 | #4 |
| 50 € Virus: Malwarebytes gelaufen, fehlt noch OTR Und die beiden von OTR.exe: OTL Logfile: Code:
ATTFilter OTL logfile created on: 14/02/2012 08:22:22 p.m. - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\03 - DOWNLOADS Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy 1015,36 Mb Total Physical Memory | 189,86 Mb Available Physical Memory | 18,70% Memory free 2,38 Gb Paging File | 1,53 Gb Available in Paging File | 64,21% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa Drive C: | 298,08 Gb Total Space | 77,08 Gb Free Space | 25,86% Space Free | Partition Type: NTFS Drive D: | 181,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: COLOSSUS | User Name: Administrador | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\03 - DOWNLOADS\OTL.exe (OldTimer Tools) PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Archivos de programa\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Archivos de programa\Maxthon3\Modules\MxMiniThunder\ThunderMini.exe (深圳市迅雷网络技术有限公司) PRC - C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.) PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll () MOD - C:\Archivos de programa\Mozilla Thunderbird\mozjs.dll () MOD - C:\Archivos de programa\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Archivos de programa\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Archivos de programa\Maxthon3\Core\Webkit\Npplugins\NPSWF32.dll () MOD - C:\Archivos de programa\Maxthon3\Modules\MxMiniThunder\sqlite3.dll () MOD - C:\Archivos de programa\Maxthon3\Modules\MxMiniThunder\libpng13.dll () MOD - C:\Archivos de programa\Maxthon3\Modules\MxMiniThunder\zlib1.dll () MOD - C:\Archivos de programa\Maxthon3\Core\Webkit\avcodec-52.dll () MOD - C:\Archivos de programa\Maxthon3\Core\Webkit\avformat-52.dll () MOD - C:\Archivos de programa\Maxthon3\Core\Webkit\avutil-50.dll () MOD - C:\Archivos de programa\Maxthon3\Bin\Maxzlib.dll () MOD - C:\WINDOWS\system32\redmonnt.dll () MOD - C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe () MOD - C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (odserv) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Autodesk Licensing Service) -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NMSAccess) -- C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe () SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.) DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www2.elearning.rwth-aachen.de/foyer/summary/default.aspx" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Archivos de programa\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Archivos de programa\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/02/13 19:08:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/07/06 22:46:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Thunderbird\components [2011/11/13 23:18:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Thunderbird\plugins [2011/05/04 05:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions [2011/05/04 05:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/01/28 21:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\l9mhmyy1.default\extensions [2011/11/10 09:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\L9MHMYY1.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI [2012/02/13 19:08:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll [2011/06/10 00:05:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll [2011/10/19 18:17:12 | 000,001,392 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/10/19 18:17:12 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml [2011/10/19 18:17:12 | 000,001,153 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-de.xml [2011/10/19 18:17:12 | 000,006,805 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/19 18:17:12 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/19 18:17:12 | 000,001,105 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001/08/24 11:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SynTPStart] C:\Archivos de programa\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\phase6_17_erinnerung.lnk = C:\Archivos de programa\phase6\phase6_17\WinStart\WinStart.exe (phase6) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - C:\Archivos de programa\CADE Pro 2.20.3\Web\new.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{986B2E01-10CC-4FBE-99ED-D447DD6A6E1D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/05/03 10:13:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{653305d8-a98f-11e0-83a2-001a732d7799}\Shell - "" = AutoRun O33 - MountPoints2\{653305d8-a98f-11e0-83a2-001a732d7799}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{653305dc-a98f-11e0-83a2-001a732d7799}\Shell - "" = AutoRun O33 - MountPoints2\{653305dc-a98f-11e0-83a2-001a732d7799}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a698dfe2-87e9-11e0-8376-001a732d7799}\Shell - "" = AutoRun O33 - MountPoints2\{a698dfe2-87e9-11e0-8376-001a732d7799}\Shell\AutoRun\command - "" = E:\PcOptions.exe O33 - MountPoints2\{b5251992-abc8-11e0-83a4-001a732d7799}\Shell - "" = AutoRun O33 - MountPoints2\{b5251992-abc8-11e0-83a4-001a732d7799}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{f13de8b0-a730-11e0-839e-001a732d7799}\Shell\AutoRun\command - "" = E:\Gear.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/14 19:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes [2012/02/14 19:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware [2012/02/14 19:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes [2012/02/14 19:27:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/02/14 19:27:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware [2012/02/14 19:24:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012/02/14 02:33:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\Recent [2012/02/11 13:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Avira [2012/02/09 21:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\runic games [2012/02/09 21:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Torchlight [2012/02/09 21:35:32 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Runic Games [2012/02/09 21:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Runic [2012/02/06 22:52:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Lighthouse Interactive [2012/02/06 18:41:10 | 000,000,000 | ---D | C] -- C:\Sierra [2012/02/06 18:37:25 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard [2012/02/02 20:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\riotsGamesLogs [2012/02/02 20:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\LolClient [2012/02/02 17:58:21 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2012/02/02 17:58:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2012/02/02 17:58:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2012/02/02 17:58:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2012/02/02 17:58:17 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2012/02/02 17:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2012/02/02 17:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Riot Games [2012/02/02 17:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\PMB Files [2012/02/02 17:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\PMB Files [2012/02/02 17:07:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Pando Networks [2012/01/29 18:16:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\iMesh Applications [2012/01/29 18:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\iMesh [2012/01/29 18:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\iMesh [2012/01/29 18:16:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Datos de programa\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2012/01/29 18:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\PackageAware [2012/01/20 12:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CADE [2012/01/20 12:45:02 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CADE Pro 2.20.3 [2012/01/20 12:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\AutoDWG [2012/01/20 12:39:08 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AutoDWG [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/14 19:50:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/14 19:49:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/06 22:55:18 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2012/01/25 16:47:49 | 000,509,168 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat [2012/01/25 16:47:49 | 000,445,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/25 16:47:49 | 000,092,334 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat [2012/01/25 16:47:49 | 000,072,688 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/20 19:11:02 | 000,260,531 | ---- | C] () -- C:\WINDOWS\pdfcvt.dat [2011/08/24 15:49:11 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011/07/04 21:08:26 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/11 20:10:55 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2011/06/10 03:57:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011/06/10 03:57:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011/05/12 22:38:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/05/11 00:46:19 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\Microsoft.SqlServer.Compact.351.32.bc [2011/05/10 06:33:41 | 000,337,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat [2011/05/07 18:39:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/05/06 16:47:03 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat [2011/05/04 04:39:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/05/03 14:41:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011/05/03 14:17:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2011/05/03 10:33:14 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011/05/03 10:33:14 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011/05/03 10:14:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/05/03 10:13:52 | 000,324,608 | ---- | C] () -- C:\WINDOWS\System32\wget.exe [2011/05/03 10:13:52 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\win-get.exe [2011/05/03 10:13:52 | 000,313,856 | ---- | C] () -- C:\WINDOWS\System32\rar.exe [2011/05/03 10:13:52 | 000,026,013 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe [2011/05/03 10:13:52 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\delage32.exe [2011/05/03 10:13:52 | 000,005,447 | ---- | C] () -- C:\WINDOWS\System32\choice.com [2011/05/03 10:13:52 | 000,000,209 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2011/05/03 10:10:05 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/05/03 06:04:40 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/05/03 05:57:55 | 000,348,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/03/24 13:35:54 | 000,000,582 | ---- | C] () -- C:\WINDOWS\TipGlobal70.ini [2004/08/19 18:58:52 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001/08/24 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/08/24 11:00:00 | 000,509,168 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat [2001/08/24 11:00:00 | 000,445,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/08/24 11:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat [2001/08/24 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/24 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/08/24 11:00:00 | 000,092,334 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat [2001/08/24 11:00:00 | 000,072,688 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/08/24 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/24 11:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat [2001/08/24 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/24 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat < End of report > [/code] Extras: Code:
ATTFilter OTL Extras logfile created on: 14/02/2012 08:22:22 p.m. - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\03 - DOWNLOADS Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy 1015,36 Mb Total Physical Memory | 189,86 Mb Available Physical Memory | 18,70% Memory free 2,38 Gb Paging File | 1,53 Gb Available in Paging File | 64,21% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa Drive C: | 298,08 Gb Total Space | 77,08 Gb Free Space | 25,86% Space Free | Partition Type: NTFS Drive D: | 181,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: COLOSSUS | User Name: Administrador | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Max3.Association.HTML] -- C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.) .url [@ = InternetShortcut] -- C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [open] -- "C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.) http [open] -- "C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.) https [open] -- "C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.) InternetShortcut [open] -- "C:\Archivos de programa\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "58879:TCP" = 58879:TCP:*:Enabled:Pando Media Booster "58879:UDP" = 58879:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "58879:TCP" = 58879:TCP:*:Enabled:Pando Media Booster "58879:UDP" = 58879:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Archivos de programa\iMesh Applications\iMesh\iMesh.exe" = C:\Archivos de programa\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc) "C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe" = C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Archivos de programa\Winamp\winamp.exe" = C:\Archivos de programa\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft) "C:\Archivos de programa\iMesh Applications\iMesh\iMesh.exe" = C:\Archivos de programa\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc) "C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe" = C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D050176-09B9-437C-9E9C-B3E84614D32E}" = CADE Pro 2.20.3 "{103906AD-C60E-4E65-BC84-CE980D19CE41}" = Adobe Shockwave Player "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D4B689-722A-413B-BC6E-8ACA8C1E8636}" = Foxit Reader "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007 "{90120000-0015-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007 "{90120000-0019-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007 "{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0403-0000-0000000FF1CE}_PROPLUS_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_PROPLUS_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-042D-0000-0000000FF1CE}_PROPLUS_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0456-0000-0000000FF1CE}_PROPLUS_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 "{90120000-0044-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}_PROPLUS_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller "{A02F2188-4962-4E1A-BB0D-5982774361D7}" = DGN to DWG Converter "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1034-7B44-A81000000003}" = Adobe Reader 8.1.1 - Español "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE69B1E5-F275-45E5-BF09-D8652446407A}" = Bentley WaterCAD V8 XM 08.09.400.34 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C19977DD-4A51-4F26-8200-E3A6F67C2350}" = Tipos 7.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E1230694-33DA-4E74-82E1-06CC9D545E9B}" = Windows Vista Sounds Pack "{EFFE151C-F863-4B1E-9E22-3C1369B4C690}" = phase6_17 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Any DWG to PDF Converter_is1" = Any DWG to PDF Converter 2010 "AutoCAD 2009 - English" = AutoCAD 2009 - English "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Banda Ancha Movil" = Banda Ancha Movil "Canon MP490 series Benutzerregistrierung" = Canon MP490 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CCleaner" = CCleaner "DirSync" = DirSync UNICODE 2.93 "DVD Decrypter" = DVD Decrypter (Remove Only) "Fallout Tactics" = Fallout Tactics "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 9.02" = GPL Ghostscript "HDMI" = Intel(R) Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "iMesh" = iMesh "InstallShield_{C19977DD-4A51-4F26-8200-E3A6F67C2350}" = Tipos 7.0 "KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Basic "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Maxthon3" = Maxthon 3 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de) "Mozilla Thunderbird 10.0.1 (x86 de)" = Mozilla Thunderbird 10.0.1 (x86 de) "Nero8Lite_is1" = Nero 8 Lite 8.2.8.0 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0 "Picasa 3" = Picasa 3 "PROPLUS" = Microsoft Office Professional Plus 2007 "QuicktimeAlt_is1" = QuickTime Alternative 2.2.0 "RealAlt_is1" = Real Alternative 1.7.5 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Runic Games Torchlight" = Torchlight "Songr" = Songr "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.9 "WIC" = Windows Imaging Component "Winamp" = Winamp "WinRAR archiver" = Compresor WinRAR "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04/06/2011 08:53:53 p.m. | Computer Name = COLOSSUS | Source = Application Error | ID = 1000 Description = Aplicación con errores: winamp.exe, versión: 5.5.1.1763, módulo con error: in_wm.dll, versión 0.0.0.0, dirección de error 0x000025ad. Error - 04/06/2011 08:54:22 p.m. | Computer Name = COLOSSUS | Source = Application Error | ID = 1000 Description = Aplicación con errores: winamp.exe, versión: 5.5.1.1763, módulo con error: in_wm.dll, versión 0.0.0.0, dirección de error 0x000025ad. Error - 04/06/2011 08:54:34 p.m. | Computer Name = COLOSSUS | Source = Application Error | ID = 1000 Description = Aplicación con errores: winamp.exe, versión: 5.5.1.1763, módulo con error: in_wm.dll, versión 0.0.0.0, dirección de error 0x000025ad. Error - 04/06/2011 08:54:49 p.m. | Computer Name = COLOSSUS | Source = Application Error | ID = 1000 Description = Aplicación con errores: winamp.exe, versión: 5.5.1.1763, módulo con error: in_wm.dll, versión 0.0.0.0, dirección de error 0x000025ad. Error - 05/06/2011 04:13:35 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099 Description = Error al abrir el servicio. Error - 05/06/2011 04:13:44 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099 Description = Error al abrir el servicio. Error - 05/06/2011 04:13:45 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099 Description = Error al abrir el servicio. Error - 05/06/2011 04:13:46 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099 Description = Error al abrir el servicio. Error - 05/06/2011 04:13:48 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099 Description = Error al abrir el servicio. Error - 05/06/2011 04:13:49 p.m. | Computer Name = COLOSSUS | Source = WmiAdapter | ID = 4099 Description = Error al abrir el servicio. [ System Events ] Error - 10/02/2012 10:26:18 a.m. | Computer Name = COLOSSUS | Source = Dhcp | ID = 1002 Description = La concesión de la dirección IP 134.61.93.69 para la tarjeta de red con la dirección de red 001A732D7799 ha sido denegada por el servidor DHCP 192.168.2.1 (el servidor DHCP envió un mensaje DHCPNACK). Error - 11/02/2012 08:08:29 a.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7009 Description = Intervalo de espera (30000 ms.) para la conexión con el servicio Servicio COM de grabación de CD de IMAPI. Error - 11/02/2012 08:08:29 a.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7000 Description = El servicio Servicio COM de grabación de CD de IMAPI no pudo iniciarse debido al siguiente error: %%1053 Error - 11/02/2012 08:08:29 a.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7011 Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio RasAuto. Error - 11/02/2012 08:54:10 a.m. | Computer Name = COLOSSUS | Source = Dhcp | ID = 1002 Description = La concesión de la dirección IP 192.168.2.100 para la tarjeta de red con la dirección de red 001A732D7799 ha sido denegada por el servidor DHCP 137.226.33.41 (el servidor DHCP envió un mensaje DHCPNACK). Error - 11/02/2012 01:34:06 p.m. | Computer Name = COLOSSUS | Source = Dhcp | ID = 1000 Description = Su equipo ha perdido la concesión de su dirección IP 134.61.93.69 en la tarjeta de red con dirección de red 001A732D7799. Error - 12/02/2012 04:38:50 a.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7011 Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio stisvc. Error - 14/02/2012 02:24:50 p.m. | Computer Name = COLOSSUS | Source = DCOM | ID = 10005 Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 14/02/2012 02:26:06 p.m. | Computer Name = COLOSSUS | Source = Service Control Manager | ID = 7026 Description = El controlador de inicialización siguiente no se cargó correctamente: avgio avipbb Fips intelppm ssmdrv Error - 14/02/2012 02:48:49 p.m. | Computer Name = COLOSSUS | Source = DCOM | ID = 10005 Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > [/code] |
15.02.2012, 19:10 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 € Virus: Malwarebytes gelaufen, fehlt noch OTR Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
18.02.2012, 18:52 | #6 |
| 50 € Virus: Malwarebytes gelaufen, fehlt noch OTR Hier der vollstaendige Suchlauf: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.14.05 Windows XP Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.18702 Administrador :: COLOSSUS [Administrator] Schutz: Aktiviert 15/02/2012 08:39:43 p.m. mbam-log-2012-02-15 (20-39-43).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 288938 Laufzeit: 1 Stunde(n), 33 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\MY PASSPORT\06 - SOFTWARE\acad 2009\Crack\xf-acad9-32-BITS.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\79_iexplore.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\WINDOWS\ie7\iexplore.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=399008bfb8e6b14d8357cf2ac5b36bff # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-17 07:13:10 # local_time=2012-02-17 08:13:10 (+0100, Hora estándar de Europa Occ.) # country="Argentina" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=crash # scanned=120256 # found=0 # cleaned=0 # scan_time=6082 |
19.02.2012, 18:51 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 € Virus: Malwarebytes gelaufen, fehlt noch OTRZitat:
Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten |
20.02.2012, 18:12 | #8 |
| 50 € Virus: Malwarebytes gelaufen, fehlt noch OTR Kein Ding! Trotzdem Danke! =) |
Themen zu 50 € Virus: Malwarebytes gelaufen, fehlt noch OTR |
50€-virus, andere, anderen, ebenfalls, folge, folgen, forum, funktionier, funktioniert, gefunde, gelaufen, installier, installiert, laufe, laufen, malwarebytes, programm, sache, schei, viren, virus |