
Log analysis and evaluation: Virus.Win32.Protector.f & Trojan-Dropper.Win32.delf.eu

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
16.05.2010, 16:06   #3
windrose
 

Thanks for the quick reply.

OTL file:

Code:
OTL logfile created on: 5/16/2010 7:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\My Documents\My Videos
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 199.99 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUTTLE
Current User Name: Guenther
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/05/16 07:27:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\My Documents\My Videos\OTL.exe
PRC - [2010/05/07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe
PRC - [2007/04/20 14:22:04 | 003,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\postgres.exe
PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/16 07:27:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\My Documents\My Videos\OTL.exe
MOD - [2009/05/25 01:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/05/07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/18 20:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/29 10:50:23 | 000,077,824 | ---- | M] (Extensoft) [Disabled | Stopped] -- C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe -- (Extensions Updates Service)
SRV - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/05/11 07:51:56 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/07/07 18:27:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/18 18:58:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/18 18:58:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/18 18:58:48 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/06/18 18:58:46 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/28 03:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/13 22:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 22:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 22:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 22:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/03 03:40:56 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/07/06 14:16:34 | 000,016,000 | ---- | M] (USBest Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UT_FPRd.sys -- (USB_FPRd)
DRV - [2007/06/19 22:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/02 11:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/16 17:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://cm.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 12:36:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 12:36:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/05/11 19:21:20 | 000,000,000 | ---D | M]
 
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/05/11 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions
[2010/03/25 19:45:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/05/10 07:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/04/11 06:25:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 00:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 19:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/04 14:45:48 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/04/12 17:58:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/21 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\foxmarks@kei.com
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\personas@christopher.beard
[2010/03/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\smartbookmarksbar@remy.juteau
[2010/05/04 22:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com
[2010/03/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\weatherwatcherlive@singerscreations.com
[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\diigo--google.xml
[2010/04/30 17:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin-1.xml
[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin.xml
[2010/05/11 21:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 21:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/05/11 21:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/07/11 00:39:25 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2010/05/11 19:13:11 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\RunServices: [4.tmp] c:\docume~1\guenther\locals~1\temp\4.tmp File not found
O4 - HKLM..\RunServices: [EnhancementSearchHelper] c:\program files\microsoft\search enhancement pack\search helper\extentionsearchhelper1.2.118.0.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243652328765 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 22:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/05/15 07:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guenther\Recent
[2010/05/13 08:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\Malwarebytes
[2010/05/13 08:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/13 08:13:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/12 19:47:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/11 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/05/11 19:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/05/11 19:20:15 | 000,477,784 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/11 19:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/05/11 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/11 17:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/05/11 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/11 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/11 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\easyHDR PRO 2
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\easyHDR PRO 2
[2010/05/08 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/07 12:37:58 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll
[2010/05/07 00:19:06 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2010/05/07 00:19:02 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2010/05/05 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/05 13:21:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/04 16:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\AVG
[2010/05/01 17:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\ACD Systems
[2010/05/01 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2010/05/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/05/01 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\Downloaded Installations
[2010/04/11 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Navigator Systems
[2010/04/07 07:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\Bank
[2010/04/03 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/04/03 05:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/31 08:43:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/03/28 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\vlc
[2010/03/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/25 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/03/25 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/05/16 07:24:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 07:22:05 | 000,194,667 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/16 07:22:05 | 000,018,980 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/05/16 07:22:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 07:22:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/15 22:19:46 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Guenther\NTUSER.DAT
[2010/05/13 08:13:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 19:22:05 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/11 19:22:05 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/11 07:51:56 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2010/05/07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll
[2010/05/07 06:41:19 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2010/05/04 16:05:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/16 21:25:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:43 | 000,025,262 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2010/03/26 06:46:02 | 000,019,072 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/26 06:14:17 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 06:14:17 | 000,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 06:14:17 | 000,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 06:12:14 | 002,004,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/05/13 08:13:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 19:22:05 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/11 19:22:05 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/04/16 21:25:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:40 | 000,025,262 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2009/07/07 18:27:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/06/18 20:49:29 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/18 17:18:05 | 000,000,609 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/05/29 22:30:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/05/29 22:30:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/20 16:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/02/28 08:00:00 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2002/12/13 12:50:00 | 000,021,696 | ---- | C] () -- C:\WINDOWS\System32\lmpcl5d$.ini
 
========== LOP Check ==========
 
[2010/05/01 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/07/07 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/05/11 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/06/18 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/31 08:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/06/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions
[2010/03/28 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/07/25 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2010/05/08 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/18 22:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/30 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/07 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C806443-3EF6-4749-9244-5B8BB16AC237}
[2009/07/07 18:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{44C0A247-3014-411F-95CB-B1729C1B82D5}
[2009/06/18 20:30:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/06/18 17:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6E81C7A8-EA69-4F66-A6DA-F1E4B472DE1C}
[2010/04/03 05:36:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/07/07 13:08:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E43D54EF-B3D5-44DC-8466-C4CC70E63FDD}
[2010/05/01 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2009/06/18 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Acronis
[2009/07/07 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\AquaSoft
[2010/05/15 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Azureus
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Barbecue
[2009/06/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\COWON
[2009/07/11 00:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit
[2009/09/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit Software
[2009/07/23 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Jpeg Resampler
[2009/07/28 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\jpg-Illuminator
[2009/06/19 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\kikin
[2009/07/03 11:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mp3tag
[2010/05/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2009/06/18 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\OpenOffice.org
[2009/08/26 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PanoramaStudio
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PhotoAlbum
[2010/04/17 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\SpeedProject
[2009/09/18 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TomTom
[2009/06/18 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TuneUp Software
[2009/07/07 18:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\WebShow
[2009/06/02 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Desktop Search
[2009/06/18 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009/05/29 22:18:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 16:05:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2009/06/18 19:14:10 | 2567,319,550 | ---- | M] () -- C:\CleanSystem.tib
[2009/05/29 22:18:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/29 22:18:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/29 22:18:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/29 23:16:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 07:21:58 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009/05/29 15:08:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/05/29 15:08:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/05/29 15:08:00 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl2.sys
[2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/11 07:51:56 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
         
Extras-File:

Code:
OTL Extras logfile created on: 5/16/2010 7:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\My Documents\My Videos
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 199.99 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUTTLE
Current User Name: Guenther
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15CA0C1F-3F1E-40D2-9B58-9DD570C8EE11}" = AquaSoft PhotoAlbum
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1D243F00-1389-4C63-A7E9-B17E967D1901}" = WebEx Record and Playback
"{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42A96544-2842-444E-8A27-A61848DDEC87}" = Adobe Photoshop Lightroom 2.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A85524E-9681-41D1-976B-8E6954055500}" = Simply Accounting by Sage 2007
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 Beta
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.5 Free
"{77EDEF61-D63C-4441-9BEC-1874CE56FF6E}" = WeatherProfessional
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8004C8-A4CB-4493-A0BD-683A648204A8}" = AquaSoft WebShow 3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}" = Belkin Bulldog Plus
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6
"AquaSoft PhotoAlbum" = AquaSoft PhotoAlbum
"AquaSoft WebShow 3" = AquaSoft WebShow 3
"CCleaner" = CCleaner
"easyHDR_PRO_2" = easyHDR PRO 2
"eMule" = eMule
"Extensions for Windows" = Extensions for Windows
"Finger Printer Driver_is1" = FPRD 1.7
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FTDICOMM" = eQ-3 USB Serial Converter Drivers
"ie8" = Windows Internet Explorer 8
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 Beta
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"kikin plugin (Murb.com Edition)" = kikin plugin (Murb.com Edition) 1.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.44
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PanoramaStudio" = PanoramaStudio 1.6 (deinstallieren)
"PhotoFiltre" = PhotoFiltre
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2.2
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.8
"PowerISO" = PowerISO
"SpeedCommander 13" = SpeedCommander 13
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Total Uninstall 5 & Power Dream_is1" = Total Uninstall 5.2.0
"Viveza" = Viveza
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WeatherProfessional" = WeatherProfessional
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Messenger Remover" = Windows Messenger Remover 1.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/14/2010 5:49:04 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 5:53:10 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 5:57:31 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:01:37 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:05:49 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:10:08 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:44:58 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:49:11 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:53:31 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:57:44 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
[ System Events ]
Error - 4/15/2010 7:38:37 AM | Computer Name = SHUTTLE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 MARMALON-PC  that believes that it is the master browser for the domain on transport
 NetBT_Tcpip_{B9637D46-9AA5-4D.  The master browser is stopping or an election is 
being forced.
 
Error - 4/15/2010 3:28:06 PM | Computer Name = SHUTTLE | Source = Print | ID = 23
Description = Printer Lexmark T630,0 failed to initialize because a suitable Lexmark
 T630 driver could not be found.
 
Error - 4/16/2010 6:37:01 AM | Computer Name = SHUTTLE | Source = Print | ID = 23
Description = Printer Lexmark T630,0 failed to initialize because a suitable Lexmark
 T630 driver could not be found.
 
 
< End of report >
         