Trojaner-Board - Virus.Win32.Protector.f & Trojan-Dropper.Win32.delf.eu

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Virus.Win32.Protector.f & Trojan-Dropper.Win32.delf.eu (https://www.trojaner-board.de/86133-virus-win32-protector-f-trojan-dropper-win32-delf-eu.html)

Virus.Win32.Protector.f & Trojan-Dropper.Win32.delf.eu

Hallo zusammen,

durch Dummheit habe ich mir Viren & Trojaner eingefangen.

Wenn ich mit Kasperksy reinige findet er folgende Sachen:

Virus.Win32.Protector.f
Trojan-Dropper.Win32.delf.eu

kann sie aber beide nicht loeschen.

Wenn ich Malwarebytes laufen lassen, findet er ebenfalls 2 Trojaner:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4103

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2010 2:56:39 PM
mbam-log-2010-05-15 (14-56-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 121172
Laufzeit: 7 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.

in beiden Fallen kann er sie nach einem Neustart nich loeschen.

Thanks

:hallo:

Bitte die Logfiles nicht einfärben, macht sie schwerer zu lesen.

schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

schritt 2

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Gmer ist geeignet für => NT/W2K/XP/VISTA.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Save" und speichere das Log als Gmer.txt auf dem Desktop. Mit "Ok" wird Gmer beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Bitte poste in Deiner nächsten Antwort
OTL.txt
Extra.txt
Gmer.txt

Danke fuer die schnelle Antwort. :daumenhoc

OTL-File:

Code:

OTL logfile created on: 5/16/2010 7:32:43 AM - Run 1

OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\My Documents\My Videos

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free

7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.74 Gb Total Space | 199.99 Gb Free Space | 42.94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SHUTTLE

Current User Name: Guenther

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - [2010/05/16 07:27:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\My Documents\My Videos\OTL.exe

PRC - [2010/05/07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe

PRC - [2007/04/20 14:22:04 | 003,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\postgres.exe

PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010/05/16 07:27:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\My Documents\My Videos\OTL.exe

MOD - [2009/05/25 01:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2010/05/07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)

SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2009/06/18 20:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/10/29 10:50:23 | 000,077,824 | ---- | M] (Extensoft) [Disabled | Stopped] -- C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe -- (Extensions Updates Service)

SRV - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2)

SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2010/05/11 07:51:56 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)

DRV - [2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)

DRV - [2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2009/07/07 18:27:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/06/18 18:58:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/06/18 18:58:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/06/18 18:58:48 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2009/06/18 18:58:46 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2009/03/28 03:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/01/13 22:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2009/01/13 22:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2009/01/13 22:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2009/01/13 22:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)

DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)

DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/12/03 03:40:56 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2007/07/06 14:16:34 | 000,016,000 | ---- | M] (USBest Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UT_FPRd.sys -- (USB_FPRd)

DRV - [2007/06/19 22:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2006/11/02 11:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2005/08/16 17:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)

DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://cm.my.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2

FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.17

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2

FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3

FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3

FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14

FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 12:36:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 12:36:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/05/11 19:21:20 | 000,000,000 | ---D | M]

 

[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions

[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010/05/11 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions

[2010/03/25 19:45:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2010/05/10 07:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010/04/11 06:25:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/04/27 00:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/25 19:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}

[2010/04/13 07:06:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

[2010/05/04 14:45:48 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

[2010/04/12 17:58:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/04/21 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\foxmarks@kei.com

[2010/04/13 07:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\personas@christopher.beard

[2010/03/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\smartbookmarksbar@remy.juteau

[2010/05/04 22:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com

[2010/03/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\weatherwatcherlive@singerscreations.com

[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\diigo--google.xml

[2010/04/30 17:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin-1.xml

[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin.xml

[2010/05/11 21:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/11 21:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru

[2010/05/11 21:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2009/07/11 00:39:25 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

O1 HOSTS File: ([2010/05/11 19:13:11 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [KernelFaultCheck]  File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\RunServices: [4.tmp] c:\docume~1\guenther\locals~1\temp\4.tmp File not found

O4 - HKLM..\RunServices: [EnhancementSearchHelper] c:\program files\microsoft\search enhancement pack\search helper\extentionsearchhelper1.2.118.0.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()

O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243652328765 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)

O24 - Desktop WallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/29 22:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2010/05/15 07:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guenther\Recent

[2010/05/13 08:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\Malwarebytes

[2010/05/13 08:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/13 08:13:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/12 19:47:23 | 000,000,000 | -HSD | C] -- C:\found.000

[2010/05/11 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

[2010/05/11 19:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

[2010/05/11 19:20:15 | 000,477,784 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2010/05/11 19:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2010/05/11 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/05/11 17:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP

[2010/05/11 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/11 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/05/11 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\easyHDR PRO 2

[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\easyHDR PRO 2

[2010/05/08 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\onOne Software

[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software

[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software

[2010/05/07 12:37:58 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll

[2010/05/07 00:19:06 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys

[2010/05/07 00:19:02 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys

[2010/05/05 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/05/05 13:21:38 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/05/04 16:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\AVG

[2010/05/01 17:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\ACD Systems

[2010/05/01 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems

[2010/05/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems

[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems

[2010/05/01 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\Downloaded Installations

[2010/04/11 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Navigator Systems

[2010/04/07 07:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\Bank

[2010/04/03 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software

[2010/04/03 05:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2010/03/31 08:43:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/03/28 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\vlc

[2010/03/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ

[2010/03/25 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/03/25 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 90 Days ==========

 

[2010/05/16 07:24:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/16 07:22:05 | 000,194,667 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/05/16 07:22:05 | 000,018,980 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml

[2010/05/16 07:22:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/16 07:22:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/15 22:19:46 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Guenther\NTUSER.DAT

[2010/05/13 08:13:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/11 19:22:05 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2010/05/11 19:22:05 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2010/05/11 07:51:56 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys

[2010/05/07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll

[2010/05/07 06:41:19 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys

[2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys

[2010/05/04 16:05:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/16 21:25:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls

[2010/04/07 19:06:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls

[2010/04/02 07:53:43 | 000,025,262 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg

[2010/03/26 06:46:02 | 000,019,072 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/03/26 06:14:17 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/26 06:14:17 | 000,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/26 06:14:17 | 000,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/26 06:12:14 | 002,004,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010/05/13 08:13:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/11 19:22:05 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2010/05/11 19:22:05 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2010/04/16 21:25:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls

[2010/04/07 19:06:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls

[2010/04/02 07:53:40 | 000,025,262 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg

[2009/07/07 18:27:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/06/18 20:49:29 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/06/18 17:18:05 | 000,000,609 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini

[2009/05/29 22:30:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2009/05/29 22:30:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/05/20 16:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2006/02/28 08:00:00 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys

[2002/12/13 12:50:00 | 000,021,696 | ---- | C] () -- C:\WINDOWS\System32\lmpcl5d$.ini

 
 ========== LOP Check ==========

 

[2010/05/01 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2009/07/07 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2010/05/11 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/06/18 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010/03/31 08:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2009/06/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions

[2010/03/28 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ

[2009/07/25 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau

[2010/05/08 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software

[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/06/18 22:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/06/30 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/07/07 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C806443-3EF6-4749-9244-5B8BB16AC237}

[2009/07/07 18:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{44C0A247-3014-411F-95CB-B1729C1B82D5}

[2009/06/18 20:30:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/06/18 17:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6E81C7A8-EA69-4F66-A6DA-F1E4B472DE1C}

[2010/04/03 05:36:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2009/07/07 13:08:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E43D54EF-B3D5-44DC-8466-C4CC70E63FDD}

[2010/05/01 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems

[2009/06/18 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Acronis

[2009/07/07 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\AquaSoft

[2010/05/15 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Azureus

[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Barbecue

[2009/06/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\COWON

[2009/07/11 00:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit

[2009/09/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit Software

[2009/07/23 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Jpeg Resampler

[2009/07/28 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\jpg-Illuminator

[2009/06/19 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\kikin

[2009/07/03 11:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mp3tag

[2010/05/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\onOne Software

[2009/06/18 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\OpenOffice.org

[2009/08/26 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PanoramaStudio

[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PhotoAlbum

[2010/04/17 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\SpeedProject

[2009/09/18 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TomTom

[2009/06/18 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TuneUp Software

[2009/07/07 18:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\WebShow

[2009/06/02 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Desktop Search

[2009/06/18 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Search

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.* >

[2009/05/29 22:18:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/05/04 16:05:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini

[2009/06/18 19:14:10 | 2567,319,550 | ---- | M] () -- C:\CleanSystem.tib

[2009/05/29 22:18:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009/05/29 22:18:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/05/29 22:18:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/05/29 23:16:51 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/05/16 07:21:58 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2010/05/07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll

[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %systemroot%\Tasks\*.job /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2009/05/29 15:08:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/05/29 15:08:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009/05/29 15:08:00 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 
 < %systemroot%\system32\drivers\*.sys /90 >

[2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl1.sys

[2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl2.sys

[2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

[2010/05/11 07:51:56 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Extras-File:

Code:

OTL Extras logfile created on: 5/16/2010 7:32:43 AM - Run 1

OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\My Documents\My Videos

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free

7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.74 Gb Total Space | 199.99 Gb Free Space | 42.94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SHUTTLE

Current User Name: Guenther

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- File not found

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{15CA0C1F-3F1E-40D2-9B58-9DD570C8EE11}" = AquaSoft PhotoAlbum

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3

"{1D243F00-1389-4C63-A7E9-B17E967D1901}" = WebEx Record and Playback

"{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{42A96544-2842-444E-8A27-A61848DDEC87}" = Adobe Photoshop Lightroom 2.1

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A85524E-9681-41D1-976B-8E6954055500}" = Simply Accounting by Sage 2007

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 Beta

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files

"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04

"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety

"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.5 Free

"{77EDEF61-D63C-4441-9BEC-1874CE56FF6E}" = WeatherProfessional

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A8004C8-A4CB-4493-A0BD-683A648204A8}" = AquaSoft WebShow 3

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX

"{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}" = Belkin Bulldog Plus

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"8461-7759-5462-8226" = Vuze

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6

"AquaSoft PhotoAlbum" = AquaSoft PhotoAlbum

"AquaSoft WebShow 3" = AquaSoft WebShow 3

"CCleaner" = CCleaner

"easyHDR_PRO_2" = easyHDR PRO 2

"eMule" = eMule

"Extensions for Windows" = Extensions for Windows

"Finger Printer Driver_is1" = FPRD 1.7

"Foxit PDF Editor" = Foxit PDF Editor

"Foxit Reader" = Foxit Reader

"FTDICOMM" = eQ-3 USB Serial Converter Drivers

"ie8" = Windows Internet Explorer 8

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 Beta

"JPEG Resampler_is1" = JPEG Resampler Vs 5.0

"kikin plugin (Murb.com Edition)" = kikin plugin (Murb.com Edition) 1.11

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MozBackup" = MozBackup 1.4.10

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Mp3tag" = Mp3tag v2.44

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"PanoramaStudio" = PanoramaStudio 1.6 (deinstallieren)

"PhotoFiltre" = PhotoFiltre

"PhotomatixPro3_is1" = Photomatix Pro version 3.0

"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2.2

"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.8

"PowerISO" = PowerISO

"SpeedCommander 13" = SpeedCommander 13

"SystemRequirementsLab" = System Requirements Lab

"TomTom HOME" = TomTom HOME 2.7.3.1894

"Total Uninstall 5 & Power Dream_is1" = Total Uninstall 5.2.0

"Viveza" = Viveza

"VLC media player" = VLC media player 1.0.5

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WeatherProfessional" = WeatherProfessional

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows Messenger Remover" = Windows Messenger Remover 1.0

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 5/14/2010 5:49:04 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 5:53:10 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 5:57:31 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 6:01:37 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 6:05:49 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 6:10:08 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 6:44:58 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 6:49:11 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 6:53:31 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

Error - 5/14/2010 6:57:44 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100

Description = Unable to initialize the filter host process. Terminating.  Details:

        This

 operation returned because the timeout period expired.   (0x800705b4) 

 

[ System Events ]

Error - 4/15/2010 7:38:37 AM | Computer Name = SHUTTLE | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

 MARMALON-PC  that believes that it is the master browser for the domain on transport

 NetBT_Tcpip_{B9637D46-9AA5-4D.  The master browser is stopping or an election is 

being forced.

 

Error - 4/15/2010 3:28:06 PM | Computer Name = SHUTTLE | Source = Print | ID = 23

Description = Printer Lexmark T630,0 failed to initialize because a suitable Lexmark

 T630 driver could not be found.

 

Error - 4/16/2010 6:37:01 AM | Computer Name = SHUTTLE | Source = Print | ID = 23

Description = Printer Lexmark T630,0 failed to initialize because a suitable Lexmark

 T630 driver could not be found.

 

 

< End of report >

Ich habe die 3 Files als Datei hochgeladen. Sollte einfacher sein.

Gruesse aus Florida

Gunther

Will mich da jemand verarschen. Florida pff, bei uns hat es Gefühlte 3 Grad :p

Achja, bitte die Logs nicht anhängen. Danke

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Ich war erst im Februar wieder in Wien und da war es mir einfach zu kalt. Nun haben wir 28°C :singsing:

Leider kann ich ComboFix nicht laufen lassen, denn es kommt folgende Fehlermeldung:

C:\Documents and Settings\Guenther\Desktop\Combofix.exe

This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

Gruesse gunther

Lösche bitte die vorhandene Combofix.exe.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

Der ersten Versuch wurde durch einen blue screen abgebrochen!

Code:

ComboFix 10-05-16.01 - Guenther 05/16/2010  17:28:08.2.4 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2691 [GMT -4:00]

Running from: c:\documents and settings\Guenther\Desktop\Combo-Fix.exe

.
 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\program files\eMule\lang\ar_AE.dll

c:\program files\eMule\lang\ba_BA.dll

c:\program files\eMule\lang\bg_BG.dll

c:\program files\eMule\lang\ca_ES.dll

c:\program files\eMule\lang\cz_CZ.dll

c:\program files\eMule\lang\da_DK.dll

c:\program files\eMule\lang\de_DE.dll

c:\program files\eMule\lang\el_GR.dll

c:\program files\eMule\lang\es_AS.dll

c:\program files\eMule\lang\es_ES_T.dll

c:\program files\eMule\lang\et_EE.dll

c:\program files\eMule\lang\fa_IR.dll

c:\program files\eMule\lang\fi_FI.dll

c:\program files\eMule\lang\fr_BR.dll

c:\program files\eMule\lang\fr_FR.dll

c:\program files\eMule\lang\gl_ES.dll

c:\program files\eMule\lang\he_IL.dll

c:\program files\eMule\lang\hu_HU.dll

c:\program files\eMule\lang\it_IT.dll

c:\program files\eMule\lang\jp_JP.dll

c:\program files\eMule\lang\ko_KR.dll

c:\program files\eMule\lang\lt_LT.dll

c:\program files\eMule\lang\lv_LV.dll

c:\program files\eMule\lang\mt_MT.dll

c:\program files\eMule\lang\nb_NO.dll

c:\program files\eMule\lang\nl_NL.dll

c:\program files\eMule\lang\nn_NO.dll

c:\program files\eMule\lang\pl_PL.dll

c:\program files\eMule\lang\pt_BR.dll

c:\program files\eMule\lang\pt_PT.dll

c:\program files\eMule\lang\ro_RO.dll

c:\program files\eMule\lang\ru_RU.dll

c:\program files\eMule\lang\sl_SI.dll

c:\program files\eMule\lang\sq_AL.dll

c:\program files\eMule\lang\sv_SE.dll

c:\program files\eMule\lang\tr_TR.dll

c:\program files\eMule\lang\ua_UA.dll

c:\program files\eMule\lang\ug_CN.dll

c:\program files\eMule\lang\va_ES.dll

c:\program files\eMule\lang\va_ES_RACV.dll

c:\program files\eMule\lang\vi_VN.dll

c:\program files\eMule\lang\zh_CN.dll

c:\program files\eMule\lang\zh_TW.dll

c:\windows\windows_messenger.exe
 

.

(((((((((((((((((((((((((   Files Created from 2010-04-16 to 2010-05-16  )))))))))))))))))))))))))))))))

.
 

2010-05-16 21:27 . 2010-05-16 21:27        --------        d-----w-        c:\windows\LastGood

2010-05-13 12:13 . 2010-05-13 12:13        --------        d-----w-        c:\documents and settings\Guenther\Application Data\Malwarebytes

2010-05-13 12:13 . 2010-04-29 19:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-13 12:13 . 2010-05-13 12:13        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-05-13 12:13 . 2010-05-13 12:13        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-13 12:13 . 2010-04-29 19:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-05-12 23:47 . 2010-05-12 23:47        --------        d-----w-        C:\found.000

2010-05-11 21:46 . 2010-05-11 21:46        --------        d-----w-        c:\program files\Enigma Software Group

2010-05-11 21:45 . 2010-05-11 23:19        --------        d-----w-        c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP

2010-05-11 21:45 . 2010-05-11 21:45        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard

2010-05-11 18:34 . 2010-05-11 21:35        --------        d-----w-        c:\program files\Spybot - Search & Destroy

2010-05-11 18:20 . 2010-05-11 21:31        --------        d---a-w-        c:\documents and settings\All Users\Application Data\TEMP

2010-05-08 21:41 . 2010-05-13 17:59        --------        d-----w-        c:\program files\easyHDR PRO 2

2010-05-08 21:41 . 2010-05-08 21:41        --------        d-----w-        c:\documents and settings\Guenther\easyHDR PRO 2

2010-05-08 21:14 . 2010-05-08 21:16        --------        d-----w-        c:\documents and settings\Guenther\Application Data\onOne Software

2010-05-08 21:14 . 2010-05-08 21:14        --------        d-----w-        c:\program files\onOne Software

2010-05-08 21:14 . 2010-05-08 21:14        --------        d-----w-        c:\documents and settings\All Users\Application Data\onOne Software

2010-05-05 18:47 . 2010-05-13 18:05        --------        d-----w-        c:\program files\Microsoft Silverlight

2010-05-05 17:21 . 2010-05-05 17:21        --------        d-----w-        C:\$AVG

2010-05-05 02:01 . 2010-05-04 11:26        650240        ----a-w-        c:\documents and settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-05-04 20:32 . 2010-05-11 23:11        --------        d-----w-        c:\documents and settings\All Users\Application Data\avg9

2010-05-04 20:32 . 2010-05-04 20:32        --------        d-----w-        c:\program files\AVG

2010-05-01 21:55 . 2010-05-01 22:03        --------        d-----w-        c:\documents and settings\Guenther\Local Settings\Application Data\ACD Systems

2010-05-01 21:55 . 2010-05-01 21:55        --------        d-----w-        c:\documents and settings\Guenther\Application Data\ACD Systems

2010-05-01 21:52 . 2010-05-01 21:52        --------        d-----w-        c:\documents and settings\All Users\Application Data\ACD Systems

2010-05-01 21:52 . 2010-05-13 17:53        --------        d-----w-        c:\program files\Common Files\ACD Systems

2010-05-01 21:52 . 2010-05-01 21:52        --------        d-----w-        c:\program files\ACD Systems

2010-05-01 21:50 . 2010-05-01 21:50        --------        d-----w-        c:\documents and settings\Guenther\Local Settings\Application Data\Downloaded Installations
 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-16 19:10 . 2010-03-28 22:52        --------        d-----w-        c:\documents and settings\Guenther\Application Data\vlc

2010-05-16 11:34 . 2009-06-19 01:41        1        ----a-w-        c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-05-15 11:03 . 2009-06-19 01:48        --------        d-----w-        c:\documents and settings\Guenther\Application Data\Azureus

2010-05-13 18:07 . 2009-05-30 02:29        --------        d-----w-        c:\program files\FPRD

2010-05-13 18:07 . 2009-06-19 02:16        --------        d-----w-        c:\program files\kikin

2010-05-13 18:07 . 2010-03-26 01:00        --------        d-----w-        c:\program files\JRE

2010-05-13 18:07 . 2009-07-23 18:16        --------        d-----w-        c:\program files\JPEG Resampler

2010-05-13 18:06 . 2009-06-19 14:41        --------        d-----w-        c:\program files\JetAudio

2010-05-13 18:05 . 2009-07-03 15:35        --------        d-----w-        c:\program files\Mp3tag

2010-05-13 18:05 . 2009-07-03 14:43        --------        d-----w-        c:\program files\MP3Gain

2010-05-13 18:04 . 2009-06-19 02:19        --------        d-----w-        c:\program files\Windows Messenger Remover

2010-05-13 18:04 . 2009-05-30 03:46        --------        d-----w-        c:\program files\Windows Media Connect 2

2010-05-13 18:03 . 2009-06-02 16:47        --------        d-----w-        c:\program files\Windows Desktop Search

2010-05-13 18:03 . 2009-06-18 21:18        --------        d-----w-        c:\program files\WeatherProfessional

2010-05-13 18:03 . 2009-06-19 01:47        --------        d-----w-        c:\program files\Vuze

2010-05-13 18:02 . 2009-07-25 18:02        --------        d-----w-        c:\program files\Total Uninstall 5

2010-05-13 18:02 . 2009-06-19 02:40        --------        d-----w-        c:\program files\TomTom HOME 2

2010-05-13 18:02 . 2009-05-30 03:07        --------        d-----w-        c:\program files\SystemRequirementsLab

2010-05-13 18:02 . 2009-07-17 17:11        --------        d-----w-        c:\program files\Thoosje Vista Sidebar

2010-05-13 18:01 . 2009-07-21 00:07        --------        d-----w-        c:\program files\PowerISO

2010-05-13 18:01 . 2009-06-30 16:30        --------        d-----w-        c:\program files\PhotomatixPro3

2010-05-13 18:01 . 2009-07-19 17:49        --------        d-----w-        c:\program files\PhotoFiltre

2010-05-13 17:59 . 2009-06-19 02:26        --------        d-----w-        c:\program files\Extensions for Windows

2010-05-13 17:59 . 2009-06-29 23:14        --------        d-----w-        c:\program files\eMule

2010-05-13 17:58 . 2010-03-26 00:39        --------        d-----w-        c:\program files\Common Files\Skype

2010-05-13 17:55 . 2009-06-19 14:41        --------        d-----w-        c:\program files\Common Files\COWON

2010-05-13 17:52 . 2009-07-06 20:38        --------        d-----w-        c:\program files\CheckDrive

2010-05-13 17:52 . 2009-06-19 02:21        --------        d-----w-        c:\program files\CCleaner

2010-05-13 17:52 . 2009-09-04 18:37        --------        d-----w-        c:\program files\Belkin Bulldog Plus

2010-05-09 22:43 . 2009-06-19 02:08        --------        d-----w-        c:\documents and settings\Guenther\Application Data\Skype

2010-05-09 22:43 . 2009-06-19 02:09        --------        d-----w-        c:\documents and settings\Guenther\Application Data\skypePM

2010-05-08 21:14 . 2009-05-30 02:24        --------        d--h--w-        c:\program files\InstallShield Installation Information

2010-04-26 02:08 . 2009-06-19 02:08        --------        d-----r-        c:\program files\Skype

2010-04-17 10:47 . 2009-06-19 00:15        --------        d-----w-        c:\program files\Simply Accounting Basic 2007

2010-04-17 10:38 . 2009-06-19 00:23        --------        d-----w-        c:\documents and settings\Guenther\Application Data\SpeedProject

2010-04-17 10:35 . 2009-06-19 00:22        --------        d-----w-        c:\program files\SpeedProject

2010-04-11 10:26 . 2009-06-19 00:34        181096        ----a-w-        c:\documents and settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\FlashGot.exe

2010-04-07 22:58 . 2010-04-07 22:58        568832        ----a-w-        c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\msvcp90.dll

2010-04-07 22:58 . 2010-04-07 22:58        655872        ----a-w-        c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\msvcr90.dll

2010-04-07 22:58 . 2010-04-07 22:58        686080        ----a-w-        c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll

2010-04-07 22:58 . 2010-04-07 22:58        583168        ----a-w-        c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\xpdfimport.exe

2010-04-07 22:58 . 2010-04-07 22:58        224768        ----a-w-        c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\msvcm90.dll

2010-04-03 20:00 . 2010-04-03 20:00        --------        d-----w-        c:\documents and settings\postgres\Application Data\TuneUp Software

2010-04-03 10:00 . 2010-04-03 10:00        --------        d-----w-        c:\documents and settings\LocalService\Application Data\TuneUp Software

2010-04-03 09:36 . 2010-04-03 09:36        --------        d-sh--w-        c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-04-02 11:58 . 2009-06-19 00:30        --------        d-----w-        c:\program files\TuneUp Utilities 2009

2010-03-31 12:43 . 2010-03-31 12:43        --------        d--h--w-        c:\documents and settings\All Users\Application Data\CanonBJ

2010-03-28 21:17 . 2010-03-28 21:17        --------        d-----w-        c:\documents and settings\All Users\Application Data\ICQ

2010-03-26 10:46 . 2009-06-02 16:48        19072        ----a-w-        c:\documents and settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-26 01:00 . 2009-06-19 00:13        --------        d-----w-        c:\program files\OpenOffice.org 3

2010-03-10 06:15 . 2006-02-28 12:00        420352        ----a-w-        c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2006-02-28 12:00        916480        ----a-w-        c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2006-02-28 12:00        455680        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2010-02-16 14:08 . 2006-02-28 12:00        2146304        ----a-w-        c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2004-08-03 22:59        2024448        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2009-07-15 17:27 . 2009-06-18 21:14        13087008        --sha-w-        c:\windows\system32\drivers\fidbox.dat

2009-07-15 17:27 . 2009-06-18 21:14        744736        --sha-w-        c:\windows\system32\drivers\fidbox2.dat

.
 

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]

2009-06-09 15:40        429280        ----a-w-        c:\program files\kikin\ie_kikin.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MUPS.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MUPS.lnk

backup=c:\windows\pss\MUPS.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Documents and Settings^Guenther^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\Guenther\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2007-09-14 09:55        140568        ----a-w-        c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

2007-09-14 10:02        905056        ----a-w-        c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 14:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-01 02:43        69632        ------r-        c:\windows\Alcmtr.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12        15360        ----a-w-        c:\windows\system32\ctfmon.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2007-03-21 20:00        174872        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-03-28 07:03        13684736        ----a-w-        c:\windows\system32\nvcpl.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-03-28 07:03        86016        ----a-w-        c:\windows\system32\nvmctray.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2009-03-28 07:03        1657376        ----a-w-        c:\windows\system32\nwiz.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-06-10 22:49        16377344        ------r-        c:\windows\RTHDCPL.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

2009-01-21 21:19        92168        ----a-w-        c:\program files\Logitech\Gaming Software\LWEMon.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-25 12:23        149280        ----a-w-        c:\program files\Java\jre6\bin\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2007-09-14 09:52        2595480        ----a-w-        c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
 

R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\WeatherProfessional\database\bin\pg_ctl.exe [4/20/2007 2:22 PM 79324]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]

R3 USB_FPRd;FingerPrinterReader;c:\windows\system32\drivers\UT_FPRd.sys [5/29/2009 10:29 PM 16000]

S0 jsoiuong;jsoiuong;c:\windows\system32\drivers\kkkdwju.sys --> c:\windows\system32\drivers\kkkdwju.sys [?]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/7/2009 6:27 PM 717296]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/13/2010 8:13 AM 38224]

S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [8/16/2005 5:50 PM 278016]

S4 Extensions Updates Service;Extensions Updates Service;c:\program files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe [10/29/2008 10:50 AM 77824]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll

FF - ProfilePath - c:\documents and settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/

FF - component: c:\documents and settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX POLICIES ----

 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -
 

MSConfigStartUp-SpywareTerminator - c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe

MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-05-16 17:33

Windows 5.1.2600 Service Pack 3 NTFS
 

scanning hidden processes ...  
 

scanning hidden autostart entries ... 
 

scanning hidden files ...  
 

scan completed successfully

hidden files: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt"

.

--------------------- DLLs Loaded Under Running Processes ---------------------
 

- - - - - - - > 'lsass.exe'(1196)

c:\windows\system32\relog_ap.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
 

- - - - - - - > 'explorer.exe'(2876)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-05-16  17:34:48

ComboFix-quarantined-files.txt  2010-05-16 21:34
 

Pre-Run: 217,234,444,288 bytes free

Post-Run: 217,196,175,360 bytes free
 

- - End Of File - - 61C7ADA87C289A2D334FC8E262C1DDB5

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

/md5start

ndis.sys

/md5stop

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

schritt 2

Windows-Explorer öffnen (Windows-Taste + E) und unter => Extras => Ordneroptionen => im Reiter "Ansicht"

Dateien und Ordner: Erweiterungen bei bekannten Dateitypen ausblenden deaktivieren
Dateien und Ordner: Geschützte Systemdateien ausblenden (empfohlen) deaktivieren
Dateien und Ordner: Inhalte von Systemordnern anzeigen aktivieren (bei Vista nicht vorhanden)
Versteckte Dateien und Ordner: alle Dateien und Ordner anzeigen aktivieren

Lösche keinesfalls eine Datei oder Ordner ohne Anweisung !!!

schritt 3

Bitte lasse die Dateien aus der Code-Box bei Virustotal überprüfen

Code:

c:\windows\system32\drivers\kkkdwju.sys

Also gehe wie hier beschrieben vor:

Öffne diese Webseite: virustotal
Klicke auf "Durchsuchen"
Suche die Datei auf deinem Rechner--> Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
"Senden der Datei"
Warte, bis der Scandurchlauf aller Virenscanner beendet ist
Auf "Filter" klicken
dann auf "Ergebnisse"
das Ergebnis (wie Du es bekommst )
komplett markieren und hier rein kopieren

Sollte die Datei als schädlich erkannt werden bitte noch nicht entfernen

Bitte poste in Deiner nächsten Antwort
OTL.txt
Auswertung von Virustotal
Berichte wie der Rechner läuft

Sorry aber die Datei kkkdwju.sys finde ich nicht!! :confused:

Ich kann den Inhalt aus der codebox auch nicht bei VirusTotal reinkopieren.

was mache ich falsch? :headbang:

Code:

OTL logfile created on: 5/17/2010 5:06:15 PM - Run 2

OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.74 Gb Total Space | 201.70 Gb Free Space | 43.31% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SHUTTLE

Current User Name: Guenther

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - [2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe

PRC - [2010/05/16 22:15:21 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/05/16 22:15:21 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/05/16 22:15:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/05/16 22:15:21 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/05/16 22:15:19 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/05/16 22:15:19 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe

PRC - [2010/05/16 22:15:18 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/02/04 00:00:02 | 002,630,000 | ---- | M] (SWE Sven Ritter) -- C:\Program Files\SpeedProject\SpeedCommander 13\SpeedCommander.exe

PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe

PRC - [2007/04/20 14:22:04 | 003,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\postgres.exe

PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe

MOD - [2009/05/25 01:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll

MOD - [2008/04/13 20:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2010/05/16 22:15:19 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/05/16 22:15:18 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2009/06/18 20:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/10/29 10:50:23 | 000,077,824 | ---- | M] (Extensoft) [Disabled | Stopped] -- C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe -- (Extensions Updates Service)

SRV - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2)

SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2010/05/16 22:15:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/05/16 22:15:37 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/05/16 22:15:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2009/07/07 18:27:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/06/18 18:58:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/06/18 18:58:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/06/18 18:58:48 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2009/06/18 18:58:46 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2009/03/28 03:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/01/13 22:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2009/01/13 22:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2009/01/13 22:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2009/01/13 22:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)

DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)

DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/12/03 03:40:56 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2007/07/06 14:16:34 | 000,016,000 | ---- | M] (USBest Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UT_FPRd.sys -- (USB_FPRd)

DRV - [2007/06/19 22:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2006/11/02 11:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2005/08/16 17:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)

DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://cm.my.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2

FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.17

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2

FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3

FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3

FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/16 22:15:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/16 22:15:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 12:36:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 12:36:01 | 000,000,000 | ---D | M]

 

[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions

[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010/05/17 06:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions

[2010/03/25 19:45:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2010/05/10 07:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010/04/11 06:25:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/04/27 00:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/25 19:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}

[2010/04/13 07:06:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

[2010/05/04 14:45:48 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

[2010/04/12 17:58:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/04/21 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\foxmarks@kei.com

[2010/04/13 07:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\personas@christopher.beard

[2010/03/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\smartbookmarksbar@remy.juteau

[2010/05/04 22:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com

[2010/03/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\weatherwatcherlive@singerscreations.com

[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\diigo--google.xml

[2010/04/30 17:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin-1.xml

[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin.xml

[2010/05/17 06:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/11 00:39:25 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

O1 HOSTS File: ([2010/05/16 17:20:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243652328765 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/29 22:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2010/05/17 16:53:56 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe

[2010/05/17 06:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\AVG Security Toolbar

[2010/05/16 22:15:40 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/05/16 22:15:40 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/05/16 22:15:37 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/05/16 22:15:33 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/05/16 22:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2010/05/16 22:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010/05/16 22:15:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/16 21:58:20 | 095,153,416 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Guenther\Desktop\avg_free_stf_eu_90_819a2842.exe

[2010/05/16 17:27:28 | 000,000,000 | ---D | C] -- C:\Combo-Fix

[2010/05/16 17:02:43 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/05/16 16:59:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/05/16 16:59:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/05/16 16:59:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/05/16 16:59:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/05/16 16:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/16 16:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/05/15 07:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guenther\Recent

[2010/05/13 08:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\Malwarebytes

[2010/05/13 08:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/13 08:13:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/12 19:47:23 | 000,000,000 | ---D | C] -- C:\found.000

[2010/05/11 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/05/11 17:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP

[2010/05/11 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/11 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/05/11 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\easyHDR PRO 2

[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\easyHDR PRO 2

[2010/05/08 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\onOne Software

[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software

[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software

[2010/05/05 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/05/05 13:21:38 | 000,000,000 | ---D | C] -- C:\$AVG

[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/05/04 16:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\AVG

[2010/05/01 17:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\ACD Systems

[2010/05/01 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems

[2010/05/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems

[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems

[2010/05/01 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\Downloaded Installations

[2010/04/11 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Navigator Systems

[2010/04/07 07:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\Bank

[2010/04/03 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software

[2010/04/03 05:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2010/03/31 08:43:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/03/28 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\vlc

[2010/03/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ

[2010/03/25 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/03/25 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 90 Days ==========

 

[2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe

[2010/05/17 16:47:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/17 16:47:00 | 000,194,667 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/05/17 16:47:00 | 000,018,980 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml

[2010/05/17 16:46:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/17 16:46:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/17 07:19:56 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Guenther\NTUSER.DAT

[2010/05/17 06:58:21 | 060,075,572 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/16 22:15:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/05/16 22:15:40 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/05/16 22:15:40 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk

[2010/05/16 22:15:37 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/05/16 22:15:33 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/05/16 22:15:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/05/16 22:12:32 | 095,153,416 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Guenther\Desktop\avg_free_stf_eu_90_819a2842.exe

[2010/05/16 17:33:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/16 17:20:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/16 17:02:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/05/16 16:23:29 | 003,689,722 | R--- | M] () -- C:\Documents and Settings\Guenther\Desktop\Combo-Fix.exe

[2010/05/16 11:07:55 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/16 07:35:26 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc

[2010/05/13 08:13:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/04 16:05:48 | 000,000,210 | ---- | M] () -- C:\Boot.bak

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2010/04/16 21:25:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls

[2010/04/07 19:06:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls

[2010/04/02 07:53:43 | 000,025,262 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg

[2010/03/26 06:46:02 | 000,019,072 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/03/26 06:14:17 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/26 06:14:17 | 000,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/26 06:14:17 | 000,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/26 06:12:14 | 002,004,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010/05/16 22:15:40 | 000,001,516 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk

[2010/05/16 22:15:33 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/05/16 22:15:28 | 060,075,572 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/16 17:02:47 | 000,000,210 | ---- | C] () -- C:\Boot.bak

[2010/05/16 17:02:44 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/05/16 16:59:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/05/16 16:59:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/05/16 16:59:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/05/16 16:59:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/05/16 16:59:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/05/16 16:23:29 | 003,689,722 | R--- | C] () -- C:\Documents and Settings\Guenther\Desktop\Combo-Fix.exe

[2010/05/16 07:35:26 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc

[2010/05/13 08:13:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/16 21:25:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls

[2010/04/07 19:06:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls

[2010/04/02 07:53:40 | 000,025,262 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg

[2009/07/07 18:27:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/06/18 20:49:29 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/06/18 17:18:05 | 000,000,609 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini

[2009/05/29 22:30:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2009/05/29 22:30:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/05/20 16:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2002/12/13 12:50:00 | 000,021,696 | ---- | C] () -- C:\WINDOWS\System32\lmpcl5d$.ini

 
 ========== LOP Check ==========

 

[2010/05/01 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2009/07/07 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2010/05/16 22:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010/05/16 22:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/06/18 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010/03/31 08:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2009/06/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions

[2010/03/28 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ

[2009/07/25 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau

[2010/05/08 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software

[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/06/18 22:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/06/30 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/07/07 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C806443-3EF6-4749-9244-5B8BB16AC237}

[2009/07/07 18:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{44C0A247-3014-411F-95CB-B1729C1B82D5}

[2009/06/18 20:30:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/06/18 17:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6E81C7A8-EA69-4F66-A6DA-F1E4B472DE1C}

[2010/04/03 05:36:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2009/07/07 13:08:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E43D54EF-B3D5-44DC-8466-C4CC70E63FDD}

[2010/05/01 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems

[2009/06/18 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Acronis

[2009/07/07 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\AquaSoft

[2010/05/15 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Azureus

[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Barbecue

[2009/06/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\COWON

[2009/07/11 00:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit

[2009/09/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit Software

[2009/07/23 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Jpeg Resampler

[2009/07/28 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\jpg-Illuminator

[2009/06/19 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\kikin

[2009/07/03 11:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mp3tag

[2010/05/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\onOne Software

[2009/06/18 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\OpenOffice.org

[2009/08/26 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PanoramaStudio

[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PhotoAlbum

[2010/04/17 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\SpeedProject

[2009/09/18 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TomTom

[2009/06/18 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TuneUp Software

[2009/07/07 18:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\WebShow

[2009/06/02 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Desktop Search

[2009/06/18 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Search

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 

 
 < MD5 for: NDIS.SYS  >

[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys

[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys

[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[2006/02/28 08:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Ist kein Problem, sowas passiert :)

schritt 1

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
Aktiviere "Quick-Scan durchführen" => Scan.
Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
Bei Funden in C:\System Volume Information den Haken entfernen.
Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
Er könnte jedoch trotz Malware noch gebraucht werden.
Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung.

schritt 2

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java (Java Runtime Environment (JRE) 6 Update XX) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

schritt 3

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Signaturen werden heruntergeladen.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

schritt 4

Starte bitte OTL.exe und klicke auf den Quick Scan Button.

Bitte poste in Deiner nächsten Antwort
Log von MBAM
Log von ESET
OTL.txt
Berichte wie der Rechner läuft

Toll das du immer so schnell atwortest!!:daumenhoc

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4112

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/18/2010 1:12:16 PM
mbam-log-2010-05-18 (13-12-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120912
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

--------------------------------------------------------------------------

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=87bced09f111ce409ac99d71c7b9e4a7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-18 07:57:57
# local_time=2010-05-18 03:57:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 1113323 1113323 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=126610
# found=4
# cleaned=4
# scan_time=7816
C:\Diverse\Download\Foto\Photomatix Pro 3.1 v1.4.8.1 Cracked.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Diverse\Download\Movies\Nie mehr Probleme mit Audio- und Videodateien\FFSetup185.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Diverse\Download\Utlilities\unlocker1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir Win32/Protector.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

--------------------------------------------------------------------------

Code:

OTL logfile created on: 5/18/2010 4:28:18 PM - Run 3

OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free

7.00 Gb Paging File | 7.00 Gb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.74 Gb Total Space | 201.85 Gb Free Space | 43.34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SHUTTLE

Current User Name: Guenther

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - [2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe

PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe

PRC - [2007/04/20 14:22:04 | 003,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\postgres.exe

PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2009/06/18 20:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/10/29 10:50:23 | 000,077,824 | ---- | M] (Extensoft) [Disabled | Stopped] -- C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe -- (Extensions Updates Service)

SRV - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2)

SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2009/07/07 18:27:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/06/18 18:58:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/06/18 18:58:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/06/18 18:58:48 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2009/06/18 18:58:46 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2009/03/28 03:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/01/13 22:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2009/01/13 22:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2009/01/13 22:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2009/01/13 22:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)

DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)

DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/12/03 03:40:56 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2007/07/06 14:16:34 | 000,016,000 | ---- | M] (USBest Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UT_FPRd.sys -- (USB_FPRd)

DRV - [2007/06/19 22:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2006/11/02 11:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2005/08/16 17:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)

DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://cm.my.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2

FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.17

FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2

FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3

FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3

FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 12:36:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 13:44:15 | 000,000,000 | ---D | M]

 

[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions

[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010/05/18 13:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions

[2010/03/25 19:45:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2010/05/10 07:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010/04/11 06:25:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/04/27 00:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/25 19:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}

[2010/04/13 07:06:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

[2010/05/04 14:45:48 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

[2010/04/12 17:58:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/04/21 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\foxmarks@kei.com

[2010/04/13 07:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\personas@christopher.beard

[2010/03/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\smartbookmarksbar@remy.juteau

[2010/05/04 22:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com

[2010/03/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\weatherwatcherlive@singerscreations.com

[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\diigo--google.xml

[2010/04/30 17:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin-1.xml

[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin.xml

[2010/05/18 13:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/18 13:44:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/05/18 13:44:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/07/11 00:39:25 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

O1 HOSTS File: ([2010/05/16 17:20:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243652328765 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/29 22:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2010/05/18 13:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/05/18 13:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/05/18 13:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/05/17 16:53:56 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe

[2010/05/16 22:15:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/16 21:58:20 | 095,153,416 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Guenther\Desktop\avg_free_stf_eu_90_819a2842.exe

[2010/05/16 17:27:28 | 000,000,000 | ---D | C] -- C:\Combo-Fix

[2010/05/16 17:02:43 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/05/16 16:59:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/05/16 16:59:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/05/16 16:59:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/05/16 16:59:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/05/16 16:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/16 16:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/05/15 07:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guenther\Recent

[2010/05/13 08:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\Malwarebytes

[2010/05/13 08:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/13 08:13:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/12 19:47:23 | 000,000,000 | ---D | C] -- C:\found.000

[2010/05/11 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/05/11 17:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP

[2010/05/11 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/11 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/05/11 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\easyHDR PRO 2

[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\easyHDR PRO 2

[2010/05/08 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\onOne Software

[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software

[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software

[2010/05/05 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/05/04 16:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\AVG

[2010/05/01 17:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\ACD Systems

[2010/05/01 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems

[2010/05/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems

[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems

[2010/05/01 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\Downloaded Installations

[2010/04/11 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Navigator Systems

[2010/04/07 07:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\Bank

[2010/04/03 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software

[2010/04/03 05:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2010/03/31 08:43:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/03/28 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\vlc

[2010/03/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ

[2010/03/25 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/03/25 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 90 Days ==========

 

[2010/05/18 13:45:17 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Guenther\Desktop\esetsmartinstaller_enu.exe

[2010/05/18 13:35:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/18 13:34:46 | 000,194,667 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/05/18 13:34:46 | 000,018,980 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml

[2010/05/18 13:34:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/18 13:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/18 13:33:55 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Guenther\NTUSER.DAT

[2010/05/18 13:26:55 | 000,071,702 | ---- | M] () -- C:\Documents and Settings\Guenther\Desktop\JavaRaSource.zip

[2010/05/18 13:26:41 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Guenther\Desktop\JavaRa.zip

[2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe

[2010/05/16 22:12:32 | 095,153,416 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Guenther\Desktop\avg_free_stf_eu_90_819a2842.exe

[2010/05/16 17:33:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/16 17:20:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/16 17:02:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/05/16 16:23:29 | 003,689,722 | R--- | M] () -- C:\Documents and Settings\Guenther\Desktop\Combo-Fix.exe

[2010/05/16 11:07:55 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/16 07:35:26 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc

[2010/05/13 08:13:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/04 16:05:48 | 000,000,210 | ---- | M] () -- C:\Boot.bak

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2010/04/16 21:25:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls

[2010/04/07 19:06:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls

[2010/04/02 07:53:43 | 000,025,262 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg

[2010/03/26 06:46:02 | 000,019,072 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/03/26 06:14:17 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/26 06:14:17 | 000,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/26 06:14:17 | 000,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/26 06:12:14 | 002,004,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010/05/18 13:45:17 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Guenther\Desktop\esetsmartinstaller_enu.exe

[2010/05/18 13:26:54 | 000,071,702 | ---- | C] () -- C:\Documents and Settings\Guenther\Desktop\JavaRaSource.zip

[2010/05/18 13:26:40 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Guenther\Desktop\JavaRa.zip

[2010/05/16 17:02:47 | 000,000,210 | ---- | C] () -- C:\Boot.bak

[2010/05/16 17:02:44 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/05/16 16:59:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/05/16 16:59:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/05/16 16:59:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/05/16 16:59:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/05/16 16:59:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/05/16 16:23:29 | 003,689,722 | R--- | C] () -- C:\Documents and Settings\Guenther\Desktop\Combo-Fix.exe

[2010/05/16 07:35:26 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc

[2010/05/13 08:13:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/16 21:25:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls

[2010/04/07 19:06:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls

[2010/04/02 07:53:40 | 000,025,262 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg

[2009/07/07 18:27:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/06/18 20:49:29 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/06/18 17:18:05 | 000,000,609 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini

[2009/05/29 22:30:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2009/05/29 22:30:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/05/20 16:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2002/12/13 12:50:00 | 000,021,696 | ---- | C] () -- C:\WINDOWS\System32\lmpcl5d$.ini

 
 ========== LOP Check ==========

 

[2010/05/01 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2009/07/07 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2009/06/18 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010/03/31 08:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2009/06/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions

[2010/03/28 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ

[2009/07/25 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau

[2010/05/08 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software

[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/06/18 22:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/06/30 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/07/07 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C806443-3EF6-4749-9244-5B8BB16AC237}

[2009/07/07 18:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{44C0A247-3014-411F-95CB-B1729C1B82D5}

[2009/06/18 20:30:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/06/18 17:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6E81C7A8-EA69-4F66-A6DA-F1E4B472DE1C}

[2010/04/03 05:36:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2009/07/07 13:08:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E43D54EF-B3D5-44DC-8466-C4CC70E63FDD}

[2010/05/01 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems

[2009/06/18 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Acronis

[2009/07/07 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\AquaSoft

[2010/05/15 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Azureus

[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Barbecue

[2009/06/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\COWON

[2009/07/11 00:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit

[2009/09/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit Software

[2009/07/23 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Jpeg Resampler

[2009/07/28 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\jpg-Illuminator

[2009/06/19 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\kikin

[2009/07/03 11:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mp3tag

[2010/05/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\onOne Software

[2009/06/18 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\OpenOffice.org

[2009/08/26 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PanoramaStudio

[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PhotoAlbum

[2010/04/17 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\SpeedProject

[2009/09/18 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TomTom

[2009/06/18 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TuneUp Software

[2009/07/07 18:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\WebShow

[2009/06/02 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Desktop Search

[2009/06/18 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Search

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

-------------------------------------------------------------------------

Soweit laeuft er sehr gut!

Gruss Gunther

Logfile ist sauber :daumenhoc

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Ich sehe keine laufenden Antiviren Programme (AVP)

Das ist gefährlich. Manchmal bemerkt man Malware durch PopUps oder Google-Umleitungen etc, aber meisten läuft diese unbemerkt im Hintergrund. Ein AVP kann Dir helfen, Malware zu finden. Bitte downloade und Installiere Dir eines der folgenden AVPs.

Schritt 2

Peer to peer oder filesharing software

Deine Logfile(s) zeigen mir das Du sogenannte Peer to Peer oder Filesharing Programme verwendest ( Bei Dir Azureus/Vuze; eMule ). Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Heutzutage bekommt Cyber Crime einen immer höher werdenden Status und die Ausmaße sind enorm. Leider ist auch p2p oder Filesharing davon nicht ausgenommen. Es dient auch dazu, infizierte Dateien zu verbreiten und ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass Du Dir eine Infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äusserster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Du setzt Dich also selbst dem Risiko einer Anklage durch Orginastionen ( oder dem Author der "Datei" selbst ) die diese Rechte überwachen
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu

Start --> Systemsteuerung --> Software

und deinstalliere (falls vorhanden) Vuze, eMule, kikin plugin (Murb.com Edition) 1.11

Bitte sag bescheid wenn Du eines der gelisteten Software nicht finden kannst.

Schritt 3

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

:OTL

O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)

:services

:files

:reg

:Commands

[purity]

[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Run Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 4

Bitte benenne die Combo-Fix.exe wieder in Combofix.exe

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schritt 5

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den CleanUp Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.

Schritt 6

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.

Schritt 7

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.

SpywareBlaster
Ein Tutorial zur Verwendung findest Du Hier
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
Hinweis: MBAM ersetzt keine Anti- Viren- Software.
Temp File Cleaner
TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
Ausserdem hilft es Deinen Computer zu beschleunigen.
Du kannst Dir TFC ( by OldTimer ) hier downloaden.
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
Halte Dein System aktuell
Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.
Halte Deine Software aktuell
Der einfachste Weg dafür ist der Secunia Online Software.

Schritt 8

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.

NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart ausserdem Downloadkapazität.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

es laueft alles prima!!! :Boogie:

Habe auch die noch fehlenden Zusatzprogramme installiert.

Nochmals vielen Dank fuer deine Bemuehungen. Werde gleich noch eine Spende machen.

Gruss gunther