
Pests of all kinds and how to fight them: Can't get rid of TR/Dropper.Gen; TR/Hijacker.Gen; TR/Dldr.Delphi.Gen; PCK/Themida


 
04.09.2010, 16:43   #1
dazzley
 
Can't get rid of TR/Dropper.Gen; TR/Hijacker.Gen; TR/Dldr.Delphi.Gen; PCK/Themida




Hello,

A few days ago I caught a virus that blocked all .exe files. In addition, an "Antimalware Doctor" kept opening after every restart. A friend has already managed to get rid of a lot of the junk, but by now he doesn't know what to do next either, because the Trojans TR/Dropper.Gen; TR/Hijacker.Gen; TR/Dldr.Delphi.Gen and PCK/Themida are found and removed by Malwarebytes, yet it finds them again after every restart. Avira also keeps finding them again.

Here are the log files:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4542

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/4/2010 5:30:12 PM
mbam-log-2010-09-04 (17-30-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 198735
Laufzeit: 40 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Antivirus2010) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Antivirus2010) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\5T8WFJOM\cs[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\acer\Local Settings\Temp\explorer.exe (Trojan.Agent) -> Delete on reboot.

OTL Logfile:
Code:
OTL Extras logfile created on: 9/4/2010 5:51:51 PM - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\acer\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
954.00 Mb Total Physical Memory | 475.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.20 Gb Total Space | 39.81 Gb Free Space | 61.05% Space Free | Partition Type: NTFS
Drive D: | 83.83 Gb Total Space | 42.10 Gb Free Space | 50.22% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ACER-EAC7659744
Current User Name: acer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
"C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe" = C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe:*:Enabled:MediaCenter -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{400348D1-032F-4717-A840-D52F975C1033}" = Nero 7 Ultra Edition
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"2DA959FE3D6F0F5BC313481E72071D510DD786FB" = Windows Driver Package - Intel (w29n51) net  (12/19/2007 9.0.4.39)
"38F88D2FCA130F99EBC52D18D9A01CE4761AF5F2" = Windows Driver Package - Intel (NETw5x32) net  (04/27/2008 12.0.0.73)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Fences" = Fences
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PokerStars" = PokerStars
"Tournament Indicator_is1" = Tournament Indicator 1.6.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/28/2010 10:37:17 PM | Computer Name = ACER-EAC7659744 | Source = Bonjour Service | ID = 100
Description = 
 
Error - 8/28/2010 10:37:17 PM | Computer Name = ACER-EAC7659744 | Source = Bonjour Service | ID = 100
Description = 
 
Error - 8/28/2010 10:37:19 PM | Computer Name = ACER-EAC7659744 | Source = Bonjour Service | ID = 100
Description = 
 
Error - 8/28/2010 10:37:19 PM | Computer Name = ACER-EAC7659744 | Source = Bonjour Service | ID = 100
Description = 
 
Error - 8/28/2010 10:37:19 PM | Computer Name = ACER-EAC7659744 | Source = Bonjour Service | ID = 100
Description = 
 
Error - 9/2/2010 1:20:30 PM | Computer Name = ACER-EAC7659744 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\252550.msi is not permitted
 due to an error in software restriction policy processing. The object cannot be
 trusted.
 
Error - 9/2/2010 1:47:21 PM | Computer Name = ACER-EAC7659744 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
 Wizard\WIS95431C66CF9A4913BFFF6050785AFB65_4_2_24_3011.MSI is not permitted due
 to an error in software restriction policy processing. The object cannot be trusted.
 
Error - 9/2/2010 2:23:01 PM | Computer Name = ACER-EAC7659744 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
 msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.
 
Error - 9/2/2010 4:54:33 PM | Computer Name = ACER-EAC7659744 | Source = Application Hang | ID = 1002
Description = Hanging application GLBEC.tmp, version 9.2.58.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 9/3/2010 12:52:15 AM | Computer Name = ACER-EAC7659744 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application fences.exe, version 1.0.0.0, stamp 4ac53277, 
faulting module mscorwks.dll, version 2.0.50727.42, stamp 4333e7ec, debug? 0, fault
 address 0x00095f28.
 
[ System Events ]
Error - 9/3/2010 4:20:55 PM | Computer Name = ACER-EAC7659744 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
 while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring
 the volume.
 
Error - 9/3/2010 4:22:19 PM | Computer Name = ACER-EAC7659744 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   2619acaa
 
Error - 9/3/2010 4:25:02 PM | Computer Name = ACER-EAC7659744 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{9A9F2411-1245-4713-9C3A-C929A12C10D1}.  The
 backup browser is stopping.
 
Error - 9/4/2010 4:00:35 AM | Computer Name = ACER-EAC7659744 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   2619acaa
 
Error - 9/4/2010 5:32:12 AM | Computer Name = ACER-EAC7659744 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   2619acaa
 
Error - 9/4/2010 5:35:41 AM | Computer Name = ACER-EAC7659744 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{9A9F2411-1245-4713-9C3A-C929A12C10D1}.  The
 backup browser is stopping.
 
Error - 9/4/2010 10:31:37 AM | Computer Name = ACER-EAC7659744 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the Interface
 with IP address 192.168.2.100.  The machine with the IP address 192.168.2.101 did
 not allow the name to be claimed by  this machine.
 
Error - 9/4/2010 10:36:47 AM | Computer Name = ACER-EAC7659744 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the Interface
 with IP address 192.168.2.100.  The machine with the IP address 192.168.2.101 did
 not allow the name to be claimed by  this machine.
 
Error - 9/4/2010 10:40:07 AM | Computer Name = ACER-EAC7659744 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   2619acaa
 
Error - 9/4/2010 10:43:42 AM | Computer Name = ACER-EAC7659744 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{9A9F2411-1245-4713-9C3A-C929A12C10D1}.  The
 backup browser is stopping.
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 9/4/2010 5:51:51 PM - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\acer\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
954.00 Mb Total Physical Memory | 475.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.20 Gb Total Space | 39.81 Gb Free Space | 61.05% Space Free | Partition Type: NTFS
Drive D: | 83.83 Gb Total Space | 42.10 Gb Free Space | 50.22% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ACER-EAC7659744
Current User Name: acer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\acer\Local Settings\Temp\explorer.exe ()
PRC - C:\Documents and Settings\acer\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\acer\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\logoethc.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (COMSysAppCOMSysApp) -- C:\WINDOWS\System32\4318_0312_Update32Ds.exe File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (igfx) -- C:\WINDOWS\System32\DRIVERS\igdkmd32.sys File not found
DRV - (AR5211) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys File not found
DRV - (2619acaa) -- C:\WINDOWS\System32\drivers\2619acaa.sys File not found
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (ArcSoftKsUFilter) -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.live.com/sphome.aspx
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://shop.thefreevpn.com/home.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 81
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 81
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 81
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/30 19:06:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/03 15:08:29 | 000,000,000 | ---D | M]
 
[2009/04/06 14:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\Mozilla\Extensions
[2009/04/06 14:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/28 03:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\ckxf2qet.default\extensions
[2009/10/27 16:51:11 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\ckxf2qet.default\searchplugins\askcom.xml
[2009/12/05 20:36:50 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\ckxf2qet.default\searchplugins\bing.xml
[2009/07/01 08:20:48 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\ckxf2qet.default\searchplugins\conduit.xml
[2010/09/04 11:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010/09/02 22:14:55 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ed4-258d-4f9f-be11-137c18d3e543} - C:\Poker\Titan Poker\casino.exe File not found
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ed4-258d-4f9f-be11-137c18d3e543} - C:\Poker\Titan Poker\casino.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\acer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\acer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (digiwet.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/27 03:43:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{54434b64-76bb-11df-a7c1-001eecca6608}\Shell - "" = AutoRun
O33 - MountPoints2\{54434b64-76bb-11df-a7c1-001eecca6608}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54434b64-76bb-11df-a7c1-001eecca6608}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: savesfc - (C:\WINDOWS\logoethc.dll) - C:\WINDOWS\logoethc.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/04 15:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\acer\Desktop\MFTools
[2010/09/04 11:23:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\acer\Recent
[2010/09/03 20:34:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/03 20:34:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/03 15:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/03 15:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/03 15:08:29 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/03 15:08:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/03 15:08:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/03 15:08:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/02 22:49:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/09/02 22:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/09/02 22:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\acer\Application Data\Avira
[2010/09/02 22:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\acer\Local Settings\Application Data\ZoneAlarm-Sicherheit
[2010/09/02 22:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm-Sicherheit
[2010/09/02 22:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/09/02 22:47:24 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll
[2010/09/02 22:47:23 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/09/02 22:47:21 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/09/02 22:47:21 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/09/02 22:47:17 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/09/02 22:47:15 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/09/02 22:47:15 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/09/02 22:47:15 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/09/02 22:47:15 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/09/02 22:47:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/09/02 22:47:13 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/09/02 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/09/02 22:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/09/02 22:46:38 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/09/02 22:46:38 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/09/02 22:46:38 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/09/02 22:42:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/02 22:42:02 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/02 22:42:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/02 22:42:02 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/02 22:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/02 22:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/09/02 22:16:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2010/09/02 20:05:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/09/02 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/09/02 19:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/31 18:50:13 | 001,090,952 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\acer\My Documents\herbert.exe
[2010/08/30 23:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/30 22:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/30 21:00:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/30 01:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\acer\Local Settings\Application Data\jglwodywa
[2010/08/30 01:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\acer\Local Settings\Application Data\Windows Server
[2010/08/17 21:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/17 21:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/17 21:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/04 17:44:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1177238915-1417001333-1003UA.job
[2010/09/04 17:30:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ktipror.sys
[2010/09/04 16:43:45 | 000,404,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/04 16:43:44 | 000,475,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 16:43:44 | 000,063,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/04 16:38:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/04 16:38:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/04 16:37:54 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\acer\NTUSER.DAT
[2010/09/04 16:37:37 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\acer\ntuser.ini
[2010/09/03 22:44:03 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1177238915-1417001333-1003Core.job
[2010/09/03 20:34:36 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 22:55:09 | 000,426,779 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/09/02 22:47:33 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/02 22:47:32 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\acer\Desktop\ZoneAlarm Security.lnk
[2010/09/02 22:42:20 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/09/02 22:29:16 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\acer\Desktop\CCleaner.lnk
[2010/09/02 22:08:04 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\logoethc.dll
[2010/09/02 22:07:42 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\logoethc.dll
[2010/09/02 21:29:26 | 004,318,532 | -H-- | M] () -- C:\Documents and Settings\acer\Local Settings\Application Data\IconCache.db
[2010/08/31 18:48:00 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\acer\My Documents\herbert.exe
[2010/08/30 23:40:24 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/30 23:40:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/30 23:40:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/08/30 01:48:02 | 000,002,786 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/08/30 01:41:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 01:37:39 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/30 01:30:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/26 13:56:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/26 13:28:26 | 000,000,830 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/26 13:28:26 | 000,000,053 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010/08/26 13:23:00 | 000,000,040 | ---- | M] () -- C:\WINDOWS\BO5140.INI
[2010/08/26 13:22:35 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/26 13:22:34 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\brsvc01a.bsi
[2010/08/24 20:49:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/13 19:14:13 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\acer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/09/04 17:30:29 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ktipror.sys
[2010/09/03 20:34:36 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 22:47:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/02 22:47:32 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\acer\Desktop\ZoneAlarm Security.lnk
[2010/09/02 22:47:13 | 000,426,779 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/09/02 22:42:20 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/09/02 22:29:16 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\acer\Desktop\CCleaner.lnk
[2010/09/02 22:08:04 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\logoethc.dll
[2010/09/02 22:07:42 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\logoethc.dll
[2010/08/30 01:48:01 | 000,002,786 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/08/30 01:37:29 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/26 13:23:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO5140.INI
[2010/08/26 13:22:35 | 000,000,830 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/26 13:22:35 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/26 13:22:34 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\brsvc01a.bsi
[2010/08/26 13:22:34 | 000,000,053 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/14 13:04:54 | 000,004,985 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
[2009/07/26 16:13:55 | 000,000,204 | ---- | C] () -- C:\WINDOWS\struct~.ini
[2009/05/17 06:10:20 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\acer\Local Settings\Application Data\fusioncache.dat
[2009/02/04 11:50:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsis_loader.dll
[2009/01/05 09:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/11/16 10:56:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\acer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 15:34:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pool.INI
[2008/10/13 03:35:48 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/10/09 23:48:46 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
[2008/10/09 23:48:46 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
[2008/09/28 04:29:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/28 04:19:51 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008/09/28 03:50:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/28 00:33:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4950.dll
[2008/09/28 00:12:13 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2008/09/17 11:27:04 | 000,093,680 | ---- | C] () -- C:\WINDOWS\System32\gtapi_pack.dll
[2007/11/02 01:53:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/11/02 01:43:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/09/13 13:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2005/02/17 20:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 20:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 21:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2008/12/19 12:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\ACD Systems
[2009/08/01 13:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\funkitron
[2010/01/07 00:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\LimeWire
[2010/03/03 16:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\NotMyIp
[2009/05/08 17:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\PokerAcademyPro2
[2009/10/19 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\Stardock
[2009/12/24 11:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\Uniblue
[2010/09/01 22:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\acer\Application Data\uTorrent
[2008/09/28 00:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2008/09/28 04:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/05/08 17:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PokerAcademyPro2
[2009/08/17 10:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/17 21:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 07:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/19 15:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\acer\My Documents\herbert.exe:SummaryInformation
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
         
--- --- ---

Last edited by dazzley (04.09.2010 at 16:54)

 
