Maus bewegt sich von alleine

randomname · 12.09.2010, 13:39

UPDATE siehe unten

seit ca. einer halben stunde bis stunde bewegt sich mein mauszeiger von alleine, immer nur nach oben und rechts..er hört auch beim ausstecken des mauskabels sowie internetkabels nicht auf, klickt aber zumindest nichts an..
weiß nicht, ob das nen virus oder so als grund haben muss, bin über jegliche hilfe zur behebung dankbar..

trotzdem mal der hjt-log:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:29:54, on 12.09.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Archivos de programa\Hotspot Shield\bin\openvpnas.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
C:\Archivos de programa\Hotspot Shield\HssWPR\hsssrv.exe
C:\Archivos de programa\Hotspot Shield\bin\hsswd.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
C:\Archivos de programa\MirandaFusion\miranda32.exe
C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\***\Menú Inicio\Programas\Inicio\etmin.exe
C:\Archivos de programa\Archivos comunes\Logishrd\KHAL2\KHALMNPR.EXE
C:\Archivos de programa\MirandaFusion\mfwd.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\***\Mis documentos\Downloads\HiJackThis204.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Archivos de programa\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Archivos de programa\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Miranda Fusion] C:\Archivos de programa\MirandaFusion\mfstart.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: etmin.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Archivos de programa\vShare\vshare_toolbar.dll (file missing)
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Archivos de programa\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Archivos de programa\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Archivos de programa\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Archivos de programa\Hotspot Shield\bin\hsswd.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
 
--
End of file - 9885 bytes

kurz zuvor noch ein antivir-fund, bei dem ich auf 'entfernen' geklickt habe, allerdings wird bei ereignis angezeigt:
Die Datei 'C:\Archivos de programa\vShare\Uninstall.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.118784.CN' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Fehler in der ARK Library.

den ordner 'vShare' habe ich inzwischen manuell gelöscht, deswegen im log wohl das 'file missing'

__________________________________
hab in google inzwischen die lösung gefunden, dass im hardware-manager 2 mäuse registriert sind und dass es daran liegen kann->war bei mir so..
lass es wegen der antivir-meldung aber noch offen, weil das vshare auch ganz verschwinden soll, und außerdem die frage, wie kommt es dazu, dass plötzlich mehrere mäuse registriert sind?
__________________________________
doch noch mehr, grad kamen auf einmal 5 viren-meldungen auf einmal, allesamt in den temporeren konfigurations- und internet-ordnern eines pc-mitbenutzers:

sind jetzt in quarantände, reicht das?
__________________________________
und gleich nochmal 11 neue, diesmal aber mit namen, die nicht wirklich passen(betriebsystem, securityhelper, securitycenter, desktop security 2010, taskmgr)(alle beim selben mitbenutzer):

was ist da los?

hab mbam-scan gemacht->55objekte, alle beim mitbenutzer

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Datenbank Version: 4599
 
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
 
12.09.2010 15:40:39
mbam-log-2010-09-12 (15-40-39).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 223481
Laufzeit: 47 Minute(n), 16 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 55
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
C:\Documents and Settings\***\Configuración local\Archivos temporales de Internet\Content.IE5\G5IVWXAZ\update[1].exe (Trojan.Vilsel) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\ArtsAutoRunGUI.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\m.2159.tmp.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\pdfupd.exe (Trojan.Vilsel) -> No action taken.
C:\Documents and Settings\***\Datos de programa\Desktop Security\securitycenter.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Datos de programa\Desktop Security\securityhelper.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Datos de programa\ICQ\Application\ICQ7.2\tbdiagTalkback.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Datos de programa\ICQ\Application\ICQ7.2\install_dll\MoveItMoveIt.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Datos de programa\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\Setup2kiKernel.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Datos de programa\MSA\baka10.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Escritorio\MicrosoftBetriebssystem.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Mis documentos\DVDVideoSoft\FreeYouTubeToMP3Converter\BlumentopfDeutschlandAustralien.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\***\Datos de programa\MSA\w2_0.exe (Rogue.MSAntiVirus) -> No action taken.
C:\Documents and Settings\***\Menú Inicio\Programas\Desktop Security.LNK (Rogue.DesktopSecurity) -> No action taken.
C:\Documents and Settings\***\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Desktop Security.LNK (Rogue.DesktopSecurity) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\02c9c3c35bdx5.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\17dkf.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\472a10e2ebxd9.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\56493.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\8gmsed-bd.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\ae0965a7157cd.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\al3erfa3.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\alerfa.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\backd-efq.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\bzqa43d.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\cocksucker.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\cosock.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\cunifuc.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\dd10x10.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\ddoll3342.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\dkfjd93.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\ds7hw.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\eelnvd13.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\eephilpe.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\exppdf_w.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\gedx_ae09.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\gpupz2a.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\hardwh.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\hhbboll_2.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\hodeme.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\hvipws9.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\jdhellwo3.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\jofcdks.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\kilslmd.exex (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\kjdh_gf_jjdhgd.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\lorsk.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\ppddfcfux.exxe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\pswwg3c.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\qwedvor.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\qwklrvjhqlkj.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\r0life.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\test.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\wqefqw7e.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\wrcud12.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\***\Configuración local\temp\wrfwe_di.exe (Trojan.Downloader) -> No action taken.

werd jetzt alle entfernen

könnte mir jemand sagen, ob das schon reicht, um den pc wieder komplett frei zu haben oder noch etwas getan werden muss?
seitdem gab es diesen fund:

Code:

ATTFilter

Die Datei 'C:\System Volume Information\_restore{75000BA1-260A-498C-9371-C7C562B71BF0}\RP136\A0051218.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Katusha.A' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Fehler in der ARK Library.
Die Datei wurde zum Löschen nach einem Neustart markiert.

habe aber gehört, dass die datei wegen dem '_restore' nicht mehr existiert!?

Swisstreasure · 12.09.2010, 21:33

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Minimal-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

randomname · 12.09.2010, 22:17

Code:

ATTFilter

OTL logfile created on: 12.09.2010 22:59:01 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\***\Mis documentos\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 499,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 204,35 Gb Free Space | 87,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-BA2FC4FF51
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.12 22:58:05 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Mis documentos\Downloads\OTL.exe
PRC - [2010.09.09 20:38:37 | 000,923,096 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.27 02:00:06 | 000,247,808 | ---- | M] () -- C:\Archivos de programa\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.07.09 21:04:34 | 003,493,776 | ---- | M] (Xfire Inc.) -- C:\Archivos de programa\Xfire\Xfire.exe
PRC - [2010.06.23 04:48:08 | 000,322,608 | ---- | M] () -- C:\Archivos de programa\Hotspot Shield\bin\hsswd.exe
PRC - [2010.06.23 04:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Archivos de programa\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010.05.04 14:44:44 | 019,161,088 | ---- | M] (Stripf Software) -- C:\Archivos de programa\HLSW\hlsw.exe
PRC - [2010.05.01 15:36:50 | 000,970,850 | ---- | M] ( ) -- C:\Archivos de programa\MirandaFusion\miranda32.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.22 19:22:50 | 000,338,195 | ---- | M] (Miranda Fusion Team) -- C:\Archivos de programa\MirandaFusion\mfwd.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jucheck.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.16 23:00:56 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\***\Menú Inicio\Programas\Inicio\etmin.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Archivos de programa\Archivos comunes\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.10.17 10:39:50 | 002,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Archivos de programa\Gamers.IRC\mirc.exe
PRC - [2006.07.13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006.07.13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006.04.03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005.01.25 06:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
PRC - [2004.09.14 19:41:42 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.12 22:58:05 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Mis documentos\Downloads\OTL.exe
MOD - [2010.07.09 21:04:44 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Archivos de programa\Xfire\xfire_toucan_43094.dll
MOD - [2009.07.20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Archivos de programa\Logitech\SetPoint\lgscroll.dll
MOD - [2009.07.20 12:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Archivos de programa\Logitech\SetPoint\GameHook.dll
MOD - [2009.07.12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2004.09.14 19:54:48 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2004.09.14 19:45:59 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004.09.14 19:39:40 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003.02.21 04:42:22 | 000,348,160 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.27 02:00:06 | 000,247,808 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.07.27 00:41:20 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Archivos de programa\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010.06.23 04:48:08 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.06.23 04:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Archivos de programa\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006.07.13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006.07.13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006.04.03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\***\CONFIG~1\Temp\catchme.sys -- (catchme)
DRV - [2010.09.12 21:58:44 | 000,138,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010.06.23 04:48:00 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010.06.23 04:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010.06.08 17:16:26 | 006,056,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.06.07 04:52:04 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.11.08 21:19:18 | 000,004,544 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusbf.sys -- (hidusbf)
DRV - [2006.07.11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.07.11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.06.28 11:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.06.18 23:37:40 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.01.07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001.08.17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-854245398-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010.09.09 20:38:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010.07.07 16:22:43 | 000,000,000 | ---D | M]
 
[2010.05.07 12:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\Mozilla\Extensions
[2010.08.18 16:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\Mozilla\Firefox\Profiles\khkck2g0.default\extensions
[2010.05.07 15:38:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\***\Datos de programa\Mozilla\Firefox\Profiles\khkck2g0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.18 14:40:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\***\Datos de programa\Mozilla\Firefox\Profiles\khkck2g0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.29 12:41:02 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010.07.29 12:41:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Archivos de programa\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.15 19:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.09 20:38:52 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions\testpilot@labs.mozilla.com
[2010.09.09 20:38:37 | 000,136,664 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\Mozilla Firefox\components\browsercomps.dll
[2010.05.15 19:05:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010.07.27 17:08:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Archivos de programa\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-854245398-776561741-725345543-1004\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-854245398-776561741-725345543-1004\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-854245398-776561741-725345543-1004\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll File not found
O3 - HKU\S-1-5-21-854245398-776561741-725345543-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-854245398-776561741-725345543-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Archivos de programa\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-854245398-776561741-725345543-1004..\Run: [Miranda Fusion] C:\Archivos de programa\MirandaFusion\mfstart.exe (Miranda Fusion Team)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Benutzer\Menú Inicio\Programas\Inicio\OpenOffice.org 3.2.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\***\Menú Inicio\Programas\Inicio\etmin.exe ()
O4 - Startup: C:\Documents and Settings\###\Menú Inicio\Programas\Inicio\OpenOffice.org 3.2.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-776561741-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-776561741-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-776561741-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-776561741-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Archivos de programa\vShare\vshare_toolbar.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\archivos de programa\archivos comunes\logishrd\bluetooth\LBTWlgn.dll - c:\Archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.04 23:26:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.12 22:30:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.09.12 21:57:51 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.09.12 14:17:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***\Recent
[2010.08.31 01:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Escritorio\handy
[2010.08.29 16:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Datos de programa\vShare
[2010.08.27 22:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Mis documentos\cfg
[2010.08.27 22:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Mis documentos\maps
[2010.08.26 11:35:31 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010.08.26 11:35:28 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Hotspot Shield
[2010.08.23 21:59:38 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Lavalys
[2010.08.23 16:27:05 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.08.23 16:27:05 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010.08.23 15:07:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TrackMania Nations ESWC
[2010.08.21 17:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Datos de programa\id Software
[2010.08.21 17:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\id Software
[2010.08.19 02:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Escritorio\10-6_xp32_dd_ccc_enu
[2010.08.19 02:14:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\MobilityDotNET
[2010.08.18 17:13:00 | 000,756,736 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir41_32.dll
[2010.08.18 16:43:26 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Games
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.12 23:00:47 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\***\NTUSER.DAT
[2010.09.12 21:58:44 | 000,138,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.09.12 21:58:35 | 000,234,576 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.09.12 15:47:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.12 15:47:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.12 15:46:28 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\***\ntuser.ini
[2010.09.12 15:20:42 | 000,031,158 | ---- | M] () -- C:\Documents and Settings\***\Escritorio\5.JPG
[2010.09.12 14:18:41 | 004,808,756 | -H-- | M] () -- C:\Documents and Settings\***\Configuración local\Datos de programa\IconCache.db
[2010.09.11 16:32:00 | 000,040,724 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\n19777360534_1170727_8707.jpg
[2010.09.11 16:31:50 | 000,034,405 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\n19777360534_1170724_7945.jpg
[2010.09.11 16:31:30 | 000,025,101 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\n19777360534_1170719_6696.jpg
[2010.09.11 16:30:58 | 000,053,949 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\n19777360534_1170711_5031.jpg
[2010.09.11 00:17:38 | 006,862,218 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\hihihi.mp4
[2010.09.10 20:56:31 | 002,529,802 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\scarlett.gif
[2010.09.10 18:33:28 | 000,065,498 | ---- | M] () -- C:\Documents and Settings\***\Escritorio\bild.jpg
[2010.09.10 13:29:28 | 000,092,637 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\cathedral-pk3.jpg
[2010.09.09 15:17:21 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Opera.lnk
[2010.09.09 13:36:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.28 18:38:57 | 000,036,013 | ---- | M] () -- C:\Documents and Settings\***\Escritorio\uni.pdf
[2010.08.28 16:18:03 | 000,013,027 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\0.jpg
[2010.08.28 01:32:12 | 000,085,795 | ---- | M] () -- C:\Documents and Settings\***\Escritorio\kutsch.JPG
[2010.08.27 22:18:41 | 000,014,750 | ---- | M] () -- C:\Documents and Settings\***\Escritorio\etconfig.cfg
[2010.08.25 02:50:31 | 011,416,364 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\ts3_recording_10_08_25_2_49_20.wav
[2010.08.24 03:08:45 | 000,076,085 | ---- | M] () -- C:\Documents and Settings\***\Escritorio\razz.JPG
[2010.08.23 16:27:05 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.08.23 16:27:05 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010.08.21 17:56:02 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.08.19 02:18:41 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.19 02:14:16 | 000,022,776 | ---- | M] () -- C:\Documents and Settings\***\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2010.08.18 16:51:46 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\***\Escritorio\Acceso directo a EMPIRES2.lnk
[2010.08.18 04:54:45 | 000,053,553 | ---- | M] () -- C:\Documents and Settings\***\Mis documentos\comparison2.png
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.12 15:40:45 | 000,007,338 | ---- | C] () -- C:\Documents and Settings\***\mbam-log-2010-09-12 (15-40-39).txt
[2010.09.12 15:14:37 | 000,031,158 | ---- | C] () -- C:\Documents and Settings\***\Escritorio\5.JPG
[2010.09.11 16:32:00 | 000,040,724 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\n19777360534_1170727_8707.jpg
[2010.09.11 16:31:50 | 000,034,405 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\n19777360534_1170724_7945.jpg
[2010.09.11 16:31:30 | 000,025,101 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\n19777360534_1170719_6696.jpg
[2010.09.11 16:30:58 | 000,053,949 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\n19777360534_1170711_5031.jpg
[2010.09.11 00:17:32 | 006,862,218 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\hihihi.mp4
[2010.09.10 20:56:31 | 002,529,802 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\scarlett.gif
[2010.09.10 18:33:27 | 000,065,498 | ---- | C] () -- C:\Documents and Settings\***\Escritorio\bild.jpg
[2010.09.10 13:29:27 | 000,092,637 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\cathedral-pk3.jpg
[2010.09.09 15:17:21 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Opera.lnk
[2010.08.28 18:38:57 | 000,036,013 | ---- | C] () -- C:\Documents and Settings\***\Escritorio\uni.pdf
[2010.08.28 16:18:02 | 000,013,027 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\0.jpg
[2010.08.28 01:32:11 | 000,085,795 | ---- | C] () -- C:\Documents and Settings\***\Escritorio\kutsch.JPG
[2010.08.25 02:49:23 | 011,416,364 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\ts3_recording_10_08_25_2_49_20.wav
[2010.08.24 03:08:45 | 000,076,085 | ---- | C] () -- C:\Documents and Settings\***\Escritorio\razz.JPG
[2010.08.23 01:49:15 | 000,108,072 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\fuck_the_police.jpg
[2010.08.21 17:56:02 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.08.19 17:50:11 | 000,053,553 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\comparison2.png
[2010.08.18 16:50:49 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\***\Escritorio\Acceso directo a EMPIRES2.lnk
[2010.08.18 01:56:28 | 000,027,676 | ---- | C] () -- C:\Documents and Settings\***\Mis documentos\Lion of Judah.jpg
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.06.18 03:32:48 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\***\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.12 17:11:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Editor.INI
[2010.05.07 19:27:33 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.05.05 00:31:43 | 000,003,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.05.05 00:31:42 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004.09.14 19:49:24 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.08.21 17:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\id Software
[2010.05.12 20:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Last.fm
[2010.05.18 15:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Sports Interactive
[2010.06.07 20:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benutzer\Datos de programa\OpenOffice.org
[2010.05.05 22:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benutzer\Datos de programa\Opera
[2010.05.24 11:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benutzer\Datos de programa\Sports Interactive
[2010.05.10 14:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\gtk-2.0
[2010.09.12 21:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\HLSW
[2010.08.21 17:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\id Software
[2010.07.24 12:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\Leadertech
[2010.05.10 14:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\Miranda Fusion
[2010.07.21 01:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\NoNameScript
[2010.05.07 09:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\OpenOffice.org
[2010.05.05 00:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\Opera
[2010.09.12 22:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\PriceGong
[2010.07.16 19:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\SLAnticheat
[2010.05.18 15:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\Sports Interactive
[2010.05.23 01:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\TS3Client
[2010.05.23 23:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\uTorrent
[2010.08.29 16:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Datos de programa\vShare
[2010.09.12 15:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\###\Datos de programa\Desktop Security
[2010.08.04 11:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\###\Datos de programa\ICQ
[2010.09.12 15:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\###\Datos de programa\MSA
[2010.06.12 20:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\###\Datos de programa\OpenOffice.org
[2010.07.28 19:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\###\Datos de programa\PriceGong
 
========== Purity Check ==========
 
 
< End of report >

randomname · 12.09.2010, 23:59

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 12.09.2010 22:59:01 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\***\Mis documentos\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 499,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 204,35 Gb Free Space | 87,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-BA2FC4FF51
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Archivos de programa\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-854245398-776561741-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Archivos de programa\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Archivos de programa\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Archivos de programa\Opera\opera.exe" = C:\Archivos de programa\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Archivos de programa\mIRC\mirc.exe" = C:\Archivos de programa\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Archivos de programa\Enemy Territory\ET.exe" = C:\Archivos de programa\Enemy Territory\ET.exe:*:Enabled:ET -- File not found
"C:\Archivos de programa\HLSW\hlsw.exe" = C:\Archivos de programa\HLSW\hlsw.exe:*:Enabled:HLSW Application -- (Stripf Software)
"C:\Archivos de programa\MirandaFusion\miranda32.exe" = C:\Archivos de programa\MirandaFusion\miranda32.exe:*:Enabled:Miranda Fusion -- ( )
"C:\Archivos de programa\Xfire\Xfire.exe" = C:\Archivos de programa\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Archivos de programa\Sports Interactive\Football Manager 2010\fm.exe" = C:\Archivos de programa\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Archivos de programa\Gamers.IRC\mirc.exe" = C:\Archivos de programa\Gamers.IRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Archivos de programa\Wolfenstein - Enemy Territory\ET.exe" = C:\Archivos de programa\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Archivos de programa\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Archivos de programa\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"C:\Archivos de programa\Mozilla Firefox\plugin-container.exe" = C:\Archivos de programa\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\***\Mis documentos\Downloads\wolfpack\wolfpack\WolfMP.exe" = C:\Documents and Settings\***\Mis documentos\Downloads\wolfpack\wolfpack\WolfMP.exe:*:Enabled:WolfMP -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0079B957-5E36-A04C-F116-128790F4C333}" = Catalyst Control Center Localization Italian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{059FCFFE-8619-F804-25E1-B2D5B59E1A5D}" = Catalyst Control Center Localization Chinese Traditional
"{0928B2C5-0B16-C2FB-7BAE-A25901414687}" = ATI Catalyst Install Manager
"{098152F4-1792-D618-D4B2-71CA86C9FADB}" = CCC Help Danish
"{0A44540C-1AB5-3940-7E85-B777A2997202}" = CCC Help Turkish
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D524441-C462-4CBC-AFCF-09916483EE7A}" = Skins
"{0E8FCFEE-26D8-3B9F-F42E-45DE4F433EC6}" = CCC Help Finnish
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{112F2474-EE2F-D21A-7297-B5019FB9CD8F}" = Catalyst Control Center Localization Danish
"{122C4D87-B0E5-55DE-5276-655947FB2928}" = Catalyst Control Center Localization Dutch
"{167BD6B7-0507-32BB-93B0-2FD282D3D62D}" = CCC Help Portuguese
"{1774C3D2-30FF-70EE-A1AF-1B771E2D2D33}" = ccc-utility
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{1AED6AF7-2DCC-0210-B145-0A62B3943A5A}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{1FE9594B-E51F-9845-0466-C0D1D915FBB5}" = Catalyst Control Center InstallProxy
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{306DCF1D-C3EB-742E-2857-0099E690B400}" = CCC Help Polish
"{30CB5415-494F-EB96-4221-DC7857D6FD3A}" = Catalyst Control Center Graphics Full New
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31DDEBE2-0F7D-A4AA-B8A9-9E1FD795FC2A}" = CCC Help English
"{33B39070-E54C-3D4D-AD41-0E0025DEF8D9}" = Catalyst Control Center Graphics Previews Common
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3ABF08C9-AD7B-C759-7CBD-17D6C26E99EF}" = ccc-core-preinstall
"{3B41412A-B46F-FAF1-EAC4-F922486E3A92}" = CCC Help Norwegian
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{427ED69B-96CE-E2A1-A611-82447CD60F2C}" = CCC Help Czech
"{47D28B65-DA36-6520-DC49-3DAF81AEDA72}" = CCC Help Japanese
"{496EDDC1-B95D-7163-B545-CEA974E73756}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D63402C-A7D5-6C69-977E-CCBA3C56EA92}" = CCC Help English
"{55A8AB10-C274-9495-4DB1-C8EDF5463B0D}" = Catalyst Control Center Localization German
"{57A1A9FA-E8C6-469B-8A93-2C3C074610ED}_is1" = Ventinizor 1.4
"{5A7E2599-07F2-3387-0D6D-5B8C3FC31A3F}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A3AEA6E-BF88-44FA-637C-2B5A9E1F0BA2}" = CCC Help Spanish
"{6C03A586-5677-AFFC-1580-EC952B1BB388}" = CCC Help Swedish
"{6D6A6D9A-31DB-BEA6-949E-C23A157FA459}" = CCC Help Greek
"{77140E09-2ADA-1C99-9839-E180AC5EA909}" = CCC Help Korean
"{7FE027FD-741A-AD35-1448-5254CF4438F4}" = Catalyst Control Center Localization Korean
"{810226BF-399C-7F0B-E60A-4882C74DD296}" = Catalyst Control Center Localization Finnish
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8CCB57A6-CF57-F5C7-2BB1-384D7CCE1626}" = CCC Help Italian
"{8E9E8B11-BA96-D289-BAF6-F6A84C573D4A}" = Catalyst Control Center Graphics Light
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9833D9E3-2DD7-AFE8-55EB-E1B6E20B343F}" = Catalyst Control Center Localization Chinese Standard
"{9853EBA1-9FB9-02A4-EE1D-E242D197BC65}" = Catalyst Control Center Localization Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A22BDEF3-FBBD-9CAE-0C45-620263D0C840}" = CCC Help Russian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40C0B0F-CDB6-FFA7-57CE-CF6153B9444B}" = Catalyst Control Center Localization Turkish
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49D3DF9-B762-C2D8-341A-4AB680817E00}" = Catalyst Control Center Localization Japanese
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AF675248-596D-E501-77AA-D67308D449F2}" = CCC Help Dutch
"{B4C5C98E-EAF2-A7D8-5C5A-20DA2FEEC6B6}" = CCC Help Chinese Traditional
"{B756A8C0-53D5-3A20-6CF3-4F6781C0B6EB}" = CCC Help Thai
"{B7B0C24A-9930-A669-6525-540CF544BD70}" = ccc-core-static
"{BD485D8E-7FFA-7E01-4C1F-29337929BB41}" = ccc-utility
"{BD5F4C25-5412-80AB-64A4-22B345940F0A}" = CCC Help Chinese Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C193C8C8-E555-9284-F80D-8F01EE96D6E4}" = Catalyst Control Center Localization French
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{C95434BE-425E-17E3-B8F1-A84C71B54B28}" = Catalyst Control Center Localization Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE567716-7997-E0AE-DD81-1A5D49A5FB25}" = Catalyst Control Center Graphics Previews Common
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB09B1C2-5FD2-C732-0484-703143E0AF79}" = CCC Help Hungarian
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E3D722F2-0839-92D5-ECEA-8B65085B20D6}" = Catalyst Control Center Localization Thai
"{E603DF00-D577-409A-1118-82C6E18F28B0}" = Catalyst Control Center Localization Spanish
"{F11B077E-7848-E3E5-95F1-AE694EA28D5D}" = Catalyst Control Center Localization Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8CBC8AC-FAC0-FD10-D12E-E3D368D09E2B}" = Catalyst Control Center Graphics Full Existing
"{FC03B954-D556-1C01-1A88-182A39B42C39}" = CCC Help German
"{FCABC23E-2B6B-D69D-C6C2-0F52D9422F0F}" = Catalyst Control Center Localization Czech
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"ANSTOSS 2" = ANSTOSS 2
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"D947C5B44B9016AE0921E60FC8B6B15EEBB7E850" = Paquete de controladores de Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Football Manager 2010" = Football Manager 2010
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Gamers.IRC" = Gamers.IRC 5.32
"HLSW_is1" = HLSW v1.3.3.7b
"HotspotShield" = Hotspot Shield 1.49
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MirandaFusion" = Miranda Fusion 2.0.23
"mIRC" = mIRC
"MobilityDotNET" = DH Mobility Modder.NET
"Mozilla Firefox 4.0b5 (x86 en-US)" = Mozilla Firefox 4.0b5 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNations_is1" = TrackMania Nations ESWC 0.1.7.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.5
"vShare" = vShare Plugin
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"YAWn!" = YAWn!.NET (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-854245398-776561741-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NoNameScript" = NNScript
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2010 05:25:55 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: nfs_inst.exe, versión: 0.0.0.0, módulo con
 error: nfs_inst.exe, versión 0.0.0.0, dirección de error 0x00002850.
 
Error - 02.08.2010 05:25:57 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1001
Description = Depósito 342111797 incorrecto.
 
Error - 02.08.2010 05:26:13 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: nfs_inst.exe, versión: 0.0.0.0, módulo con
 error: nfs_inst.exe, versión 0.0.0.0, dirección de error 0x00002850.
 
Error - 02.08.2010 05:26:15 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1001
Description = Depósito 342111797 incorrecto.
 
Error - 02.08.2010 11:06:44 | Computer Name = ***-BA2FC4FF51 | Source =   | ID = 0
Description = 
 
Error - 02.08.2010 11:06:44 | Computer Name = ***-BA2FC4FF51 | Source =   | ID = 0
Description = 
 
Error - 02.08.2010 13:27:19 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: tbdiagtalkback.exe, versión: 0.0.0.0, módulo
 con error: unknown, versión 0.0.0.0, dirección de error 0x00000000.
 
Error - 02.08.2010 13:28:28 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: tbdiagtalkback.exe, versión: 0.0.0.0, módulo
 con error: unknown, versión 0.0.0.0, dirección de error 0x00000000.
 
Error - 02.08.2010 13:28:34 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1001
Description = Depósito 1979732666 incorrecto.
 
Error - 02.08.2010 15:59:32 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: update.exe, versión: 1.0.0.0, módulo con error:
 qtcore4.dll, versión 4.6.2.0, dirección de error 0x0001df7f.
 
 
< End of report >

--- --- ---

gmer:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-13 00:44:32
Windows 5.1.2600 Service Pack 2
Running: gj3gen8u.exe; Driver: C:\DOCUME~1\OTL EXTRAS Logfile:
 
--- --- ---
\CONFIG~1\Temp\afxyqfod.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT            F7ABEB56                                                                             ZwCreateKey
SSDT            F7ABEB4C                                                                             ZwCreateThread
SSDT            F7ABEB5B                                                                             ZwDeleteKey
SSDT            F7ABEB65                                                                             ZwDeleteValueKey
SSDT            F7ABEB6A                                                                             ZwLoadKey
SSDT            F7ABEB38                                                                             ZwOpenProcess
SSDT            F7ABEB3D                                                                             ZwOpenThread
SSDT            F7ABEB74                                                                             ZwReplaceKey
SSDT            F7ABEB6F                                                                             ZwRestoreKey
SSDT            F7ABEB60                                                                             ZwSetValueKey
 
---- Kernel code sections - GMER 1.0.15 ----
 
?               ailxlrrn.sys                                                                         El sistema no puede hallar el archivo especificado. !
.text           USBPORT.SYS!USBPORT_RegisterUSBPortDriver + FFFFD1FF                                 F6B74D01 1 Byte  [00]
.reloc          C:\WINDOWS\system32\drivers\PnkBstrK.sys                                             section is executable [0xAA1F5000, 0x18FF4, 0xE0000060]
 
---- User code sections - GMER 1.0.15 ----
 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3736] ntdll.dll!LdrLoadDll       7C925CBB 5 Bytes  JMP 00401410 C:\Archivos de programa\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3736] kernel32.dll!LoadLibraryA  7C801D77 5 Bytes  JMP 0104AB5F C:\Archivos de programa\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3736] kernel32.dll!LoadLibraryW  7C80AE5B 1 Byte  [E9]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3736] kernel32.dll!LoadLibraryW  7C80AE5B 5 Bytes  JMP 0104AC5F C:\Archivos de programa\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \FileSystem\Fastfat \Fat                                                             fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 
---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

OTL Extras logfile created on: 12.09.2010 22:59:01 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\***\Mis documentos\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 499,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 204,35 Gb Free Space | 87,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-BA2FC4FF51
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Archivos de programa\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-854245398-776561741-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Archivos de programa\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Archivos de programa\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Archivos de programa\Opera\opera.exe" = C:\Archivos de programa\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Archivos de programa\mIRC\mirc.exe" = C:\Archivos de programa\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Archivos de programa\Enemy Territory\ET.exe" = C:\Archivos de programa\Enemy Territory\ET.exe:*:Enabled:ET -- File not found
"C:\Archivos de programa\HLSW\hlsw.exe" = C:\Archivos de programa\HLSW\hlsw.exe:*:Enabled:HLSW Application -- (Stripf Software)
"C:\Archivos de programa\MirandaFusion\miranda32.exe" = C:\Archivos de programa\MirandaFusion\miranda32.exe:*:Enabled:Miranda Fusion -- ( )
"C:\Archivos de programa\Xfire\Xfire.exe" = C:\Archivos de programa\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Archivos de programa\Sports Interactive\Football Manager 2010\fm.exe" = C:\Archivos de programa\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Archivos de programa\Gamers.IRC\mirc.exe" = C:\Archivos de programa\Gamers.IRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Archivos de programa\Wolfenstein - Enemy Territory\ET.exe" = C:\Archivos de programa\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Archivos de programa\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Archivos de programa\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"C:\Archivos de programa\Mozilla Firefox\plugin-container.exe" = C:\Archivos de programa\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\***\Mis documentos\Downloads\wolfpack\wolfpack\WolfMP.exe" = C:\Documents and Settings\***\Mis documentos\Downloads\wolfpack\wolfpack\WolfMP.exe:*:Enabled:WolfMP -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0079B957-5E36-A04C-F116-128790F4C333}" = Catalyst Control Center Localization Italian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{059FCFFE-8619-F804-25E1-B2D5B59E1A5D}" = Catalyst Control Center Localization Chinese Traditional
"{0928B2C5-0B16-C2FB-7BAE-A25901414687}" = ATI Catalyst Install Manager
"{098152F4-1792-D618-D4B2-71CA86C9FADB}" = CCC Help Danish
"{0A44540C-1AB5-3940-7E85-B777A2997202}" = CCC Help Turkish
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D524441-C462-4CBC-AFCF-09916483EE7A}" = Skins
"{0E8FCFEE-26D8-3B9F-F42E-45DE4F433EC6}" = CCC Help Finnish
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{112F2474-EE2F-D21A-7297-B5019FB9CD8F}" = Catalyst Control Center Localization Danish
"{122C4D87-B0E5-55DE-5276-655947FB2928}" = Catalyst Control Center Localization Dutch
"{167BD6B7-0507-32BB-93B0-2FD282D3D62D}" = CCC Help Portuguese
"{1774C3D2-30FF-70EE-A1AF-1B771E2D2D33}" = ccc-utility
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{1AED6AF7-2DCC-0210-B145-0A62B3943A5A}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{1FE9594B-E51F-9845-0466-C0D1D915FBB5}" = Catalyst Control Center InstallProxy
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{306DCF1D-C3EB-742E-2857-0099E690B400}" = CCC Help Polish
"{30CB5415-494F-EB96-4221-DC7857D6FD3A}" = Catalyst Control Center Graphics Full New
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31DDEBE2-0F7D-A4AA-B8A9-9E1FD795FC2A}" = CCC Help English
"{33B39070-E54C-3D4D-AD41-0E0025DEF8D9}" = Catalyst Control Center Graphics Previews Common
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3ABF08C9-AD7B-C759-7CBD-17D6C26E99EF}" = ccc-core-preinstall
"{3B41412A-B46F-FAF1-EAC4-F922486E3A92}" = CCC Help Norwegian
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{427ED69B-96CE-E2A1-A611-82447CD60F2C}" = CCC Help Czech
"{47D28B65-DA36-6520-DC49-3DAF81AEDA72}" = CCC Help Japanese
"{496EDDC1-B95D-7163-B545-CEA974E73756}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D63402C-A7D5-6C69-977E-CCBA3C56EA92}" = CCC Help English
"{55A8AB10-C274-9495-4DB1-C8EDF5463B0D}" = Catalyst Control Center Localization German
"{57A1A9FA-E8C6-469B-8A93-2C3C074610ED}_is1" = Ventinizor 1.4
"{5A7E2599-07F2-3387-0D6D-5B8C3FC31A3F}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A3AEA6E-BF88-44FA-637C-2B5A9E1F0BA2}" = CCC Help Spanish
"{6C03A586-5677-AFFC-1580-EC952B1BB388}" = CCC Help Swedish
"{6D6A6D9A-31DB-BEA6-949E-C23A157FA459}" = CCC Help Greek
"{77140E09-2ADA-1C99-9839-E180AC5EA909}" = CCC Help Korean
"{7FE027FD-741A-AD35-1448-5254CF4438F4}" = Catalyst Control Center Localization Korean
"{810226BF-399C-7F0B-E60A-4882C74DD296}" = Catalyst Control Center Localization Finnish
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8CCB57A6-CF57-F5C7-2BB1-384D7CCE1626}" = CCC Help Italian
"{8E9E8B11-BA96-D289-BAF6-F6A84C573D4A}" = Catalyst Control Center Graphics Light
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9833D9E3-2DD7-AFE8-55EB-E1B6E20B343F}" = Catalyst Control Center Localization Chinese Standard
"{9853EBA1-9FB9-02A4-EE1D-E242D197BC65}" = Catalyst Control Center Localization Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A22BDEF3-FBBD-9CAE-0C45-620263D0C840}" = CCC Help Russian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40C0B0F-CDB6-FFA7-57CE-CF6153B9444B}" = Catalyst Control Center Localization Turkish
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49D3DF9-B762-C2D8-341A-4AB680817E00}" = Catalyst Control Center Localization Japanese
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AF675248-596D-E501-77AA-D67308D449F2}" = CCC Help Dutch
"{B4C5C98E-EAF2-A7D8-5C5A-20DA2FEEC6B6}" = CCC Help Chinese Traditional
"{B756A8C0-53D5-3A20-6CF3-4F6781C0B6EB}" = CCC Help Thai
"{B7B0C24A-9930-A669-6525-540CF544BD70}" = ccc-core-static
"{BD485D8E-7FFA-7E01-4C1F-29337929BB41}" = ccc-utility
"{BD5F4C25-5412-80AB-64A4-22B345940F0A}" = CCC Help Chinese Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C193C8C8-E555-9284-F80D-8F01EE96D6E4}" = Catalyst Control Center Localization French
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{C95434BE-425E-17E3-B8F1-A84C71B54B28}" = Catalyst Control Center Localization Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE567716-7997-E0AE-DD81-1A5D49A5FB25}" = Catalyst Control Center Graphics Previews Common
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB09B1C2-5FD2-C732-0484-703143E0AF79}" = CCC Help Hungarian
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E3D722F2-0839-92D5-ECEA-8B65085B20D6}" = Catalyst Control Center Localization Thai
"{E603DF00-D577-409A-1118-82C6E18F28B0}" = Catalyst Control Center Localization Spanish
"{F11B077E-7848-E3E5-95F1-AE694EA28D5D}" = Catalyst Control Center Localization Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8CBC8AC-FAC0-FD10-D12E-E3D368D09E2B}" = Catalyst Control Center Graphics Full Existing
"{FC03B954-D556-1C01-1A88-182A39B42C39}" = CCC Help German
"{FCABC23E-2B6B-D69D-C6C2-0F52D9422F0F}" = Catalyst Control Center Localization Czech
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"ANSTOSS 2" = ANSTOSS 2
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"D947C5B44B9016AE0921E60FC8B6B15EEBB7E850" = Paquete de controladores de Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Football Manager 2010" = Football Manager 2010
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Gamers.IRC" = Gamers.IRC 5.32
"HLSW_is1" = HLSW v1.3.3.7b
"HotspotShield" = Hotspot Shield 1.49
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MirandaFusion" = Miranda Fusion 2.0.23
"mIRC" = mIRC
"MobilityDotNET" = DH Mobility Modder.NET
"Mozilla Firefox 4.0b5 (x86 en-US)" = Mozilla Firefox 4.0b5 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNations_is1" = TrackMania Nations ESWC 0.1.7.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.5
"vShare" = vShare Plugin
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"YAWn!" = YAWn!.NET (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-854245398-776561741-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NoNameScript" = NNScript
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2010 05:25:55 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: nfs_inst.exe, versión: 0.0.0.0, módulo con
 error: nfs_inst.exe, versión 0.0.0.0, dirección de error 0x00002850.
 
Error - 02.08.2010 05:25:57 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1001
Description = Depósito 342111797 incorrecto.
 
Error - 02.08.2010 05:26:13 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: nfs_inst.exe, versión: 0.0.0.0, módulo con
 error: nfs_inst.exe, versión 0.0.0.0, dirección de error 0x00002850.
 
Error - 02.08.2010 05:26:15 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1001
Description = Depósito 342111797 incorrecto.
 
Error - 02.08.2010 11:06:44 | Computer Name = ***-BA2FC4FF51 | Source =   | ID = 0
Description = 
 
Error - 02.08.2010 11:06:44 | Computer Name = ***-BA2FC4FF51 | Source =   | ID = 0
Description = 
 
Error - 02.08.2010 13:27:19 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: tbdiagtalkback.exe, versión: 0.0.0.0, módulo
 con error: unknown, versión 0.0.0.0, dirección de error 0x00000000.
 
Error - 02.08.2010 13:28:28 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: tbdiagtalkback.exe, versión: 0.0.0.0, módulo
 con error: unknown, versión 0.0.0.0, dirección de error 0x00000000.
 
Error - 02.08.2010 13:28:34 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1001
Description = Depósito 1979732666 incorrecto.
 
Error - 02.08.2010 15:59:32 | Computer Name = ***-BA2FC4FF51 | Source = Application Error | ID = 1000
Description = Aplicación con errores: update.exe, versión: 1.0.0.0, módulo con error:
 qtcore4.dll, versión 4.6.2.0, dirección de error 0x0001df7f.
 
 
< End of report >

Swisstreasure · 13.09.2010, 16:36

Wie sieht es dann nun aus? Bewegt sich der Mauszeiger noch? Kommen noch Meldungen?

randomname · 13.09.2010, 18:30

meldungen waren seitdem keine mehr und mauszeiger hat sich wie oben schon beschrieben ziemlich bald erledigt gehabt; nur diese insgesamt 71 funde beunruhigen mich noch etwas :s und das inet läuft teilweise ziemlich langsam, aber das kann auch andre gründe haben

Swisstreasure · 13.09.2010, 18:48

Schritt 1

Lade Dir bitte WVCheck ( by Artellos ) von einem der folgenden Downloadspiegel herunter

Artellos.com (exe)
Artellos.com (zip)

und speichere die Datei auf dem Desktop.

Starte WVCheck.exe
Wie Du im DOS Fenster lesen kannst wird das Tool eventuell eine Weile brauchen.
Bestätige mit Enter.
Wenn der Scan beendet wurde, öffnet sich ein Textdokument. Kopiere den Inhalt und poste diesen bitte hier in deinen Thread.

Das Textdokument wird dort gespeichert, wo auch die WVCheck.exe ist ( WVCheck_<Uhrzeit>_<Datum>.txt )

Schritt 2

Wende AVZ an und poste bitte das Log.

randomname · 13.09.2010, 19:12

mein os is schon original

oh, hat grad mal 5 sekunden gedauert...

Code:

ATTFilter

Windows Validation Check
Version: 1.8.8.3
Log Created On: 2012_13-09-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 2 
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
------------------------------
Last Success Time for Update Detection: 2010-09-13 07:26:32
Last Success Time for Update Download: 2010-08-13 08:54:53
Last Success Time for Update Installation: 2010-08-13 13:17:52


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-------------------
WVCheck found no known bad files.


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - 5d5c9cc377a70d036816e7ea55f3ca73


-------- End of File, program close at 2012_13-09-2010 --------

Swisstreasure · 13.09.2010, 20:07

Das interessiert mich:

Zitat:

Last Success Time for Update Detection: 2010-09-13 07:26:32

randomname · 13.09.2010, 20:16

hier avz-logs

Swisstreasure · 20.09.2010, 18:22

Ich habe den Thread leider übersehen. Sind die Probleme noch vorhanden?

randomname · 21.09.2010, 23:19

nein, denke dass einfache löschen hat diesmal ausgereicht

Swisstreasure · 22.09.2010, 19:02

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Systemwiederherstellungpunkte leeren

Note: Dieser Teil ist jeweils an das Betriebssystem anzupassen

Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.

Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.

Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.

SpywareBlaster
Ein Tutorial zur Verwendung findest Du Hier
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
Hinweis: MBAM ersetzt keine Anti- Viren- Software.
Temp File Cleaner
TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
Ausserdem hilft es Deinen Computer zu beschleunigen.
Du kannst Dir TFC ( by OldTimer ) hier downloaden.
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
Halte Dein System aktuell
Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.
Halte Deine Software aktuell
Der einfachste Weg dafür ist der Secunia Online Software.

Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.

NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart ausserdem Downloadkapazität.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

randomname · 22.09.2010, 21:12

wie geht schritt 1?

einfach nur die sys-wiederherstellung de- und wieder aktivieren?

Swisstreasure · 22.09.2010, 21:30

Genau

Habs vergessen einzufügen

13.09.2010, 16:36	#5
Swisstreasure /// Malwareteam	Maus bewegt sich von alleine Wie sieht es dann nun aus? Bewegt sich der Mauszeiger noch? Kommen noch Meldungen?

20.09.2010, 18:22	#11
Swisstreasure /// Malwareteam	Maus bewegt sich von alleine Ich habe den Thread leider übersehen. Sind die Probleme noch vorhanden?

22.09.2010, 21:30	#15
Swisstreasure /// Malwareteam	Maus bewegt sich von alleine Genau Habs vergessen einzufügen

Maus bewegt sich von alleine

Log-Analyse und Auswertung: Maus bewegt sich von alleine