
Log analysis and evaluation: Virus.Win32.Protector.f & Trojan-Dropper.Win32.delf.eu

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.05.2010, 19:59   #1
windrose
 
Virus.Win32.Protector.f & Trojan-Dropper.Win32.delf.eu



Hello everyone,

through my own stupidity I have caught viruses & trojans.

When I clean with Kaspersky it finds the following things:

Virus.Win32.Protector.f
Trojan-Dropper.Win32.delf.eu


but cannot delete either of them.

When I run Malwarebytes, it also finds 2 trojans:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4103

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2010 2:56:39 PM
mbam-log-2010-05-15 (14-56-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 121172
Laufzeit: 7 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.



In both cases it cannot delete them after a reboot.

Thanks

16.05.2010, 09:42   #2
Larusso
/// Selecta Jahrusso
 

Please don't colour the log files, it makes them harder to read.

Step 1

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users right-click and "Run as administrator"
  • Now copy the content below into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread


Step 2
  • all other scanners for viruses, spyware, etc. must be disabled,
  • there must be no connection to a network/the internet (don't forget WLAN),
  • nothing must be done on the computer,
  • the computer must be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click "Save" and save the log as Gmer.txt on the desktop. "Ok" closes GMER.
Turn your anti-virus program and other scanners back on before you go online!


Please post in your next reply
OTL.txt
Extra.txt
Gmer.txt

16.05.2010, 16:06   #3
windrose
 



Thanks for the quick reply.

OTL file:

Code:
OTL logfile created on: 5/16/2010 7:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\My Documents\My Videos
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 199.99 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUTTLE
Current User Name: Guenther
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/05/16 07:27:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\My Documents\My Videos\OTL.exe
PRC - [2010/05/07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe
PRC - [2007/04/20 14:22:04 | 003,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\postgres.exe
PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/16 07:27:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\My Documents\My Videos\OTL.exe
MOD - [2009/05/25 01:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/05/07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/18 20:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/29 10:50:23 | 000,077,824 | ---- | M] (Extensoft) [Disabled | Stopped] -- C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe -- (Extensions Updates Service)
SRV - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/05/11 07:51:56 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/07/07 18:27:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/18 18:58:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/18 18:58:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/18 18:58:48 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/06/18 18:58:46 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/28 03:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/13 22:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 22:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 22:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 22:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/03 03:40:56 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/07/06 14:16:34 | 000,016,000 | ---- | M] (USBest Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UT_FPRd.sys -- (USB_FPRd)
DRV - [2007/06/19 22:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/02 11:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/16 17:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://cm.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 12:36:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 12:36:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/05/11 19:21:20 | 000,000,000 | ---D | M]
 
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/05/11 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions
[2010/03/25 19:45:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/05/10 07:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/04/11 06:25:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 00:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 19:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/04 14:45:48 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/04/12 17:58:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/21 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\foxmarks@kei.com
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\personas@christopher.beard
[2010/03/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\smartbookmarksbar@remy.juteau
[2010/05/04 22:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com
[2010/03/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\weatherwatcherlive@singerscreations.com
[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\diigo--google.xml
[2010/04/30 17:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin-1.xml
[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin.xml
[2010/05/11 21:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 21:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/05/11 21:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/07/11 00:39:25 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2010/05/11 19:13:11 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\RunServices: [4.tmp] c:\docume~1\guenther\locals~1\temp\4.tmp File not found
O4 - HKLM..\RunServices: [EnhancementSearchHelper] c:\program files\microsoft\search enhancement pack\search helper\extentionsearchhelper1.2.118.0.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243652328765 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 22:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/05/15 07:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guenther\Recent
[2010/05/13 08:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\Malwarebytes
[2010/05/13 08:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/13 08:13:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/12 19:47:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/11 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/05/11 19:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/05/11 19:20:15 | 000,477,784 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/11 19:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/05/11 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/11 17:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/05/11 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/11 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/11 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\easyHDR PRO 2
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\easyHDR PRO 2
[2010/05/08 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/07 12:37:58 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll
[2010/05/07 00:19:06 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2010/05/07 00:19:02 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2010/05/05 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/05 13:21:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/04 16:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\AVG
[2010/05/01 17:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\ACD Systems
[2010/05/01 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2010/05/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/05/01 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\Downloaded Installations
[2010/04/11 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Navigator Systems
[2010/04/07 07:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\Bank
[2010/04/03 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/04/03 05:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/31 08:43:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/03/28 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\vlc
[2010/03/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/25 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/03/25 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/05/16 07:24:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 07:22:05 | 000,194,667 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/16 07:22:05 | 000,018,980 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/05/16 07:22:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 07:22:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/15 22:19:46 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Guenther\NTUSER.DAT
[2010/05/13 08:13:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 19:22:05 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/11 19:22:05 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/11 07:51:56 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2010/05/07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll
[2010/05/07 06:41:19 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2010/05/04 16:05:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/16 21:25:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:43 | 000,025,262 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2010/03/26 06:46:02 | 000,019,072 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/26 06:14:17 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 06:14:17 | 000,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 06:14:17 | 000,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 06:12:14 | 002,004,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/05/13 08:13:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 19:22:05 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/11 19:22:05 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/04/16 21:25:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:40 | 000,025,262 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2009/07/07 18:27:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/06/18 20:49:29 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/18 17:18:05 | 000,000,609 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/05/29 22:30:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/05/29 22:30:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/20 16:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/02/28 08:00:00 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2002/12/13 12:50:00 | 000,021,696 | ---- | C] () -- C:\WINDOWS\System32\lmpcl5d$.ini
 
========== LOP Check ==========
 
[2010/05/01 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/07/07 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/05/11 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/06/18 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/31 08:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/06/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions
[2010/03/28 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/07/25 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2010/05/08 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/18 22:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/30 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/07 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C806443-3EF6-4749-9244-5B8BB16AC237}
[2009/07/07 18:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{44C0A247-3014-411F-95CB-B1729C1B82D5}
[2009/06/18 20:30:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/06/18 17:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6E81C7A8-EA69-4F66-A6DA-F1E4B472DE1C}
[2010/04/03 05:36:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/07/07 13:08:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E43D54EF-B3D5-44DC-8466-C4CC70E63FDD}
[2010/05/01 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2009/06/18 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Acronis
[2009/07/07 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\AquaSoft
[2010/05/15 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Azureus
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Barbecue
[2009/06/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\COWON
[2009/07/11 00:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit
[2009/09/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit Software
[2009/07/23 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Jpeg Resampler
[2009/07/28 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\jpg-Illuminator
[2009/06/19 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\kikin
[2009/07/03 11:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mp3tag
[2010/05/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2009/06/18 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\OpenOffice.org
[2009/08/26 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PanoramaStudio
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PhotoAlbum
[2010/04/17 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\SpeedProject
[2009/09/18 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TomTom
[2009/06/18 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TuneUp Software
[2009/07/07 18:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\WebShow
[2009/06/02 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Desktop Search
[2009/06/18 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009/05/29 22:18:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 16:05:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2009/06/18 19:14:10 | 2567,319,550 | ---- | M] () -- C:\CleanSystem.tib
[2009/05/29 22:18:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/29 22:18:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/29 22:18:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/29 23:16:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 07:21:58 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009/05/29 15:08:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/05/29 15:08:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/05/29 15:08:00 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl2.sys
[2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/11 07:51:56 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
         
Extras file:

Code:
OTL Extras logfile created on: 5/16/2010 7:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\My Documents\My Videos
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 199.99 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUTTLE
Current User Name: Guenther
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15CA0C1F-3F1E-40D2-9B58-9DD570C8EE11}" = AquaSoft PhotoAlbum
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1D243F00-1389-4C63-A7E9-B17E967D1901}" = WebEx Record and Playback
"{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42A96544-2842-444E-8A27-A61848DDEC87}" = Adobe Photoshop Lightroom 2.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A85524E-9681-41D1-976B-8E6954055500}" = Simply Accounting by Sage 2007
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 Beta
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.5 Free
"{77EDEF61-D63C-4441-9BEC-1874CE56FF6E}" = WeatherProfessional
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8004C8-A4CB-4493-A0BD-683A648204A8}" = AquaSoft WebShow 3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}" = Belkin Bulldog Plus
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6
"AquaSoft PhotoAlbum" = AquaSoft PhotoAlbum
"AquaSoft WebShow 3" = AquaSoft WebShow 3
"CCleaner" = CCleaner
"easyHDR_PRO_2" = easyHDR PRO 2
"eMule" = eMule
"Extensions for Windows" = Extensions for Windows
"Finger Printer Driver_is1" = FPRD 1.7
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FTDICOMM" = eQ-3 USB Serial Converter Drivers
"ie8" = Windows Internet Explorer 8
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 Beta
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"kikin plugin (Murb.com Edition)" = kikin plugin (Murb.com Edition) 1.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.44
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PanoramaStudio" = PanoramaStudio 1.6 (deinstallieren)
"PhotoFiltre" = PhotoFiltre
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2.2
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.8
"PowerISO" = PowerISO
"SpeedCommander 13" = SpeedCommander 13
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Total Uninstall 5 & Power Dream_is1" = Total Uninstall 5.2.0
"Viveza" = Viveza
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WeatherProfessional" = WeatherProfessional
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Messenger Remover" = Windows Messenger Remover 1.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/14/2010 5:49:04 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 5:53:10 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 5:57:31 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:01:37 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:05:49 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:10:08 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:44:58 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:49:11 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:53:31 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:57:44 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
[ System Events ]
Error - 4/15/2010 7:38:37 AM | Computer Name = SHUTTLE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 MARMALON-PC  that believes that it is the master browser for the domain on transport
 NetBT_Tcpip_{B9637D46-9AA5-4D.  The master browser is stopping or an election is 
being forced.
 
Error - 4/15/2010 3:28:06 PM | Computer Name = SHUTTLE | Source = Print | ID = 23
Description = Printer Lexmark T630,0 failed to initialize because a suitable Lexmark
 T630 driver could not be found.
 
Error - 4/16/2010 6:37:01 AM | Computer Name = SHUTTLE | Source = Print | ID = 23
Description = Printer Lexmark T630,0 failed to initialize because a suitable Lexmark
 T630 driver could not be found.
 
 
< End of report >
         
__________________

Old 16.05.2010, 16:10   #4
windrose

I have uploaded the 3 files as attachments. That should be easier.

Greetings from Florida

Gunther

Old 16.05.2010, 16:31   #5
Larusso
/// Selecta Jahrusso

Is someone trying to kid me? Florida, pff, here it feels like 3 degrees.

Oh, and please don't attach the logs. Thanks.


Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the Desktop
  • Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleaning is carried out.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the licence agreement (EULA) as soon as you are prompted.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the malware scan.

When ComboFix has finished, it will create a log. Please include C:\ComboFix.txt in your next reply.

__________________
regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Old 16.05.2010, 19:00   #6
windrose

I was back in Vienna only in February, and it was simply too cold for me there. Now we have 28°C.

Unfortunately I cannot run ComboFix, because the following error message appears:

C:\Documents and Settings\Guenther\Desktop\Combofix.exe

This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

Regards, gunther
