| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-MalwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.09.2011, 05:21
| #1 |
| |  W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-Malware Hallo, ich habe seit Gestern ein riesen Problem. Nach dem Start einer harmlos aussehnden *.EXE Datei hat sich auf meinem Rechner der oben genannte Virus/Trojaner eingeschlichen. Wärend das passiert ist, bin ich als nichtadmin angemeldet gewesen. jedoch habe ich die Möglichkeit mich als Admin anzumelden oder Programme als admin ausführen zu lassen, falls erforderlich. Seit dem erhalte ich Firewall blockieranfragen und Panda hat mir zwar gesagt das er den Virus entdeckt hat. Hier: C:\Programme\Java\jre6\bin\jqs.exe und in einem weiteren Programm das ich Aber das war dann auch seine letze Handlung. Komplettscann kann ich nicht durchführen und alle anderen Vorgehensweisen wie im Forum beschrieben brechen bei dem Versuch ab den PC zu Scannen. Z.B habe ich mir Malwarebytes Anti-Malware und HijackThis runtergeladen. Nach dem Starten mit hilfe von OHT.scr der alle Prozesse killen sollte, hat er genauso wieder nach ca 2-3% den Scann abgebrochen. Ich kann also keine Protokolle oder sonst etwas erstellen. Der Virus blockiert mir alle Virenscanns die ich ausführen wollte. h Das einzige was ich noch hingebracht habe ist eine Startup-Liste. Da ist mir ein Prozess aufgefallen: "1536554124:1930128036.exe" diesen kann ich aber auch nicht beenden. Code:
ATTFilter StartupList report, 20.09.2011, 15:16:45
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\b.zuber\Desktop\neues\HiJackThis204(3).EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\1536554124:1930128036.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Security\WAC\pavFnSvr.exe
C:\Programme\Panda Security\WAC\psksvc.exe
C:\Programme\Panda Security\WAC\pavsrvx86.exe
C:\Programme\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Panda Security\WAC\PsCtrlS.exe
C:\Programme\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programme\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\Programme\Panda Security\WAC\PSHost.exe
C:\Programme\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programme\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programme\Panda Security\WAC\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\b.zuber\Desktop\neues\HiJackThis204(3).exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = c:\windows\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATICCC = "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
SoundMAXPnP = C:\Programme\Analog Devices\Core\smax4pnp.exe
Adobe Reader Speed Launcher = "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Panda Software Controller Client = "C:\Programme\Panda Security\WAC\PSCtrlC.exe"
QuickTime Task = "C:\Programme\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
PDFPrint = C:\Programme\pdf24\pdf24.exe
CanonMyPrinter = C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
ConnectionCenter = "C:\Programme\Citrix\ICA Client\concentr.exe" /startup
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
Panda_cleaner = C:\Programme\Panda Security\WAC\pavdr.exe "C:\Programme\Panda Security\WAC\4d1b34a5c899a16f7caef192b5a7a8c9pavdr.act"
*Restore = C:\WINDOWS\system32\restore\rstrui.exe -c
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
AcroIEHelperStub - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Programme\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
User_Feed_Synchronization-{B132F4BA-4C1C-489C-9644-3B73725B5BAA}.job
--------------------------------------------------
Enumerating Download Program Files:
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291300736812
[{67DABFBF-D0AB-41FA-9C46-CC0F21721616}]
CODEBASE = hxxp://download.divx.com/player/DivXBrowserPlugin.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx
CODEBASE = https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 6.212 bytes
Report generated in 0,078 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Code:
ATTFilter OTL logfile created on: 21.09.2011 06:38:06 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Dokumente und Einstellungen\XXXXX\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,50% Memory free 3,85 Gb Paging File | 2,94 Gb Available in Paging File | 76,49% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,50 Gb Total Space | 54,64 Gb Free Space | 73,34% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 2,88 Gb Free Space | 1,24% Space Free | Partition Type: NTFS Computer Name: DLRO1 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\WINDOWS\1536554124:1930128036.exe File not found PRC - C:\Dokumente und Einstellungen\XXXXX\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Panda Security\WAC\PsCtrlS.exe (Panda Security) PRC - C:\Programme\Panda Security\WAC\avengine.exe (Panda Security, S.L.) PRC - C:\Programme\Panda Security\WAC\pavsrvx86.exe (Panda Security, S.L.) PRC - C:\Programme\Panda Security\WAC\psksvc.exe (Panda Software International) PRC - C:\Programme\Panda Security\WaAgent\WasWD\WasWD.exe (Panda Security) PRC - C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe (Panda Security) PRC - C:\Programme\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe (Panda Security) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) PRC - C:\Programme\Panda Security\WaAgent\Scheduler\PavSched.exe (Panda Security) PRC - C:\Programme\Panda Security\WAC\pavFnSvr.exe (Panda Security, S.L.) PRC - C:\Programme\Winamp\Winamp.exe (Nullsoft, Inc.) PRC - C:\Programme\phonostar-Player\phonostarTimer.exe () PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Citrix\ICA Client\CDViewer.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\wfica32.exe (Citrix Systems, Inc.) PRC - C:\Programme\Panda Security\WAC\PsCtrlC.exe (Panda Security) PRC - C:\Programme\Panda Security\WAC\WEBPROXY.EXE (Panda Security International) PRC - C:\Programme\Panda Security\WAC\PSIMSVC.EXE (Panda Security S.L.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Panda Security\WAC\PSHost.exe (Panda Security International) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Panda Security\WaAgent\Common\libxml2.dll () MOD - C:\Programme\Panda Security\WaAgent\Common\MiniCrypto.dll () MOD - C:\Programme\Panda Security\WaAgent\Common\APIcr.dll () MOD - \\?\globalroot\systemroot\system32\mswsock.dll () MOD - C:\Programme\Panda Security\WAC\libxml2.dll () MOD - C:\Programme\Panda Security\WAC\MiniCrypto.dll () MOD - C:\Programme\Panda Security\WAC\APIcr.dll () ========== Win32 Services (SafeList) ========== SRV - (JavaQuickStarterService) -- File not found SRV - (HidServ) -- File not found SRV - (Panda Software Controller) -- C:\Programme\Panda Security\WAC\PsCtrlS.exe (Panda Security) SRV - (PavSrv) -- C:\Programme\Panda Security\WAC\pavsrvx86.exe (Panda Security, S.L.) SRV - (PskSvc) -- C:\Programme\Panda Security\WAC\psksvc.exe (Panda Software International) SRV - (WASWD) -- C:\Programme\Panda Security\WaAgent\WasWD\WasWD.exe (Panda Security) SRV - (WASAgent) -- C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe (Panda Security) SRV - (PavWASLpMng) -- C:\Programme\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe (Panda Security) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) SRV - (PavAt3Scheduler) -- C:\Programme\Panda Security\WaAgent\Scheduler\PavSched.exe (Panda Security) SRV - (PavFnSvr) -- C:\Programme\Panda Security\WAC\pavFnSvr.exe (Panda Security, S.L.) SRV - (PSImSvc) -- C:\Programme\Panda Security\WAC\PSIMSVC.EXE (Panda Security S.L.) SRV - (PSHost) -- C:\Programme\Panda Security\WAC\PSHost.exe (Panda Security International) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AmFSM) -- C:\WINDOWS\system32\drivers\amm8651.sys (Panda Security, S.L.) DRV - (APPFLT) -- C:\WINDOWS\system32\drivers\APPFLT.SYS (Panda Security, S.L.) DRV - (nsfim) -- C:\WINDOWS\system32\drivers\nsfim.sys (Panda Security, S.L.) DRV - (NETIMFLT01060044) -- C:\WINDOWS\system32\drivers\neti1644.sys (Panda Security, S.L.) DRV - (IDSFLT) -- C:\WINDOWS\system32\drivers\idsflt.sys (Panda Security, S.L.) DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV - (NETFLTDI) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS (Panda Security, S.L.) DRV - (FNETMON) -- C:\WINDOWS\system32\drivers\fnetmon.sys (Panda Security, S.L.) DRV - (DSAFLT) -- C:\WINDOWS\system32\drivers\dsaflt.sys (Panda Security, S.L.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.130.1.1:8080 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.07 07:54:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.05 16:46:24 | 000,000,000 | ---D | M] [2011.08.17 06:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.09.07 07:54:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.06.30 20:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [Panda Software Controller Client] C:\Programme\Panda Security\WAC\PSCtrlC.exe (Panda Security) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Spybot-S&D Cleaning] "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malwa\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Panda Security\WAC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Panda Security\WAC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Panda Security\WAC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Panda Security\WAC\pavlsp.dll (Panda Software International) O15 - HKCU\..Trusted Domains: fastsupport.com ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sommer-hof.de ([aqua] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sommer-hof.de ([ctxint] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sommer-hof.de ([fuego] https in Vertrauenswürdige Sites) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291300736812 (WUWebControl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C62B42-D1D5-48A8-BCE5-70D03B887E81}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAMME\PROCESS-EXPLORER\PROCEXP.EXE () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.30 16:36:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{a1507d62-feb7-11df-a075-001aa0e04921}\Shell - "" = AutoRun O33 - MountPoints2\{a1507d62-feb7-11df-a075-001aa0e04921}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a1507d62-feb7-11df-a075-001aa0e04921}\Shell\AutoRun\command - "" = D:\SETUP.EXE O33 - MountPoints2\{a1507d62-feb7-11df-a075-001aa0e04921}\Shell\configure\command - "" = D:\SETUP.EXE O33 - MountPoints2\{a1507d62-feb7-11df-a075-001aa0e04921}\Shell\install\command - "" = D:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\WINDOWS\System32\ [2011.09.20 16:53:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.09.20 16:53:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2011.09.20 16:53:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.09.20 16:53:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.09.20 16:53:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malwa [2011.09.20 15:55:32 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps [2011.09.20 15:26:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2011.09.20 15:26:16 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2 [2011.09.20 15:20:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit [2011.09.20 14:49:03 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2011.09.20 14:18:55 | 000,000,000 | ---D | C] -- C:\Programme\JOSM [2011.09.20 14:18:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MagicMaps [2011.09.20 14:18:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MagicMaps [2011.09.20 14:18:25 | 000,000,000 | ---D | C] -- C:\Programme\DOSBox-0.74 [2011.09.20 14:18:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DOSBox-0.74 [2011.09.20 14:17:44 | 000,000,000 | ---D | C] -- C:\Programme\EF Duplicate MP3 Finder [2011.09.20 14:17:39 | 000,000,000 | ---D | C] -- C:\Programme\phonostar-Player [2011.09.20 14:17:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\pdf24 [2011.09.20 14:07:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.09.20 13:23:16 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.09.20 13:17:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.09.20 13:17:44 | 000,000,000 | ---D | C] -- C:\Programme\Anti-Malware [2011.09.15 09:13:09 | 000,000,000 | ---D | C] -- C:\Vimeo [2011.09.14 19:31:32 | 000,000,000 | ---D | C] -- C:\Programme\PowerPro [2011.09.14 19:11:43 | 000,000,000 | ---D | C] -- C:\usbdlm [2011.09.13 14:51:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations [2011.09.13 14:30:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.09.09 09:30:01 | 000,000,000 | ---D | C] -- C:\Programme\CDex_150 [2011.09.06 15:12:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011.09.06 15:10:01 | 000,000,000 | ---D | C] -- C:\GAMES [2011.09.01 08:56:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web Installer [2011.08.22 15:55:33 | 000,000,000 | ---D | C] -- C:\Programme\Process-Explorer [2011.08.22 09:17:08 | 000,000,000 | ---D | C] -- C:\Programme\Project64 1.6 [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\WINDOWS\System32\ [2011.09.21 06:37:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B132F4BA-4C1C-489C-9644-3B73725B5BAA}.job [2011.09.21 06:05:58 | 000,191,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck [2011.09.21 06:05:58 | 000,191,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT [2011.09.21 05:48:00 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck [2011.09.21 05:48:00 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg [2011.09.21 05:47:59 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck [2011.09.21 05:47:59 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt [2011.09.21 05:47:46 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck [2011.09.21 05:47:46 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg [2011.09.21 05:47:46 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck [2011.09.21 05:47:46 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg [2011.09.21 05:47:45 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck [2011.09.21 05:47:45 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG [2011.09.21 05:47:45 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck [2011.09.21 05:47:45 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg [2011.09.21 05:47:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.09.21 05:47:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1536554124 [2011.09.21 05:46:48 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt [2011.09.20 16:53:44 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.09.20 16:53:18 | 000,000,742 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.20 16:35:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.09.20 15:55:29 | 000,000,245 | -HS- | M] () -- C:\boot.ini [2011.09.20 15:52:49 | 000,002,605 | ---- | M] () -- C:\WINDOWS\wininit.ini [2011.09.20 13:59:38 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck [2011.09.20 10:15:26 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011.09.15 10:45:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.09.14 16:39:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.09.09 11:11:59 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [2011.09.08 05:33:23 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.20 16:53:18 | 000,000,742 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.20 10:15:26 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011.09.20 10:13:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1536554124 [2011.08.11 11:12:55 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2TXT.DAT [2011.07.11 09:08:19 | 000,000,020 | ---- | C] () -- C:\WINDOWS\vidplaylist.ini [2011.06.29 14:01:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.05.05 10:44:17 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\hvscd.dat [2011.04.29 08:13:04 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe [2011.03.01 17:36:41 | 002,748,624 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.01.28 13:24:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.01.25 16:08:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2010.12.13 13:37:55 | 000,002,605 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.12.02 17:02:16 | 000,191,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck [2010.12.02 17:02:16 | 000,191,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT [2010.12.02 16:40:00 | 000,000,133 | ---- | C] () -- C:\WINDOWS\AdminIE.ini [2010.12.02 16:05:05 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2010.12.02 16:04:34 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010.11.30 16:38:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.11.30 16:33:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.11.30 16:30:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.11.30 16:29:44 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.14 14:00:00 | 000,452,408 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.14 14:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.14 14:00:00 | 000,081,542 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.14 14:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.14 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe ========== LOP Check ========== [2010.12.03 11:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICAClient [2011.05.16 15:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bentley [2010.12.13 08:40:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.01.25 15:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix [2011.09.20 15:20:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit [2011.07.21 12:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KETTLER [2011.09.20 14:18:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MagicMaps [2010.12.14 11:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir [2010.12.02 17:02:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sentinel [2010.12.14 11:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2011.09.13 14:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.09.01 08:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web Installer [2011.09.21 06:37:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B132F4BA-4C1C-489C-9644-3B73725B5BAA}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 816 bytes -> C:\WINDOWS\1536554124:1930128036.exe @Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.09.2011 06:26:59 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Dokumente und Einstellungen\XXXXX\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,93% Memory free
3,85 Gb Paging File | 2,97 Gb Available in Paging File | 77,13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,50 Gb Total Space | 54,65 Gb Free Space | 73,35% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 2,88 Gb Free Space | 1,24% Space Free | Partition Type: NTFS
Computer Name: DLRO1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe" = C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (Panda Security)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\Programme\Winamp\winamp---.exe" = C:\Programme\Winamp\winamp---.exe:*:Disabled:Winamp
"C:\Programme\Winamp\winamp_gdi_original.exe" = C:\Programme\Winamp\winamp_gdi_original.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\XXXXX\Desktop\Apps\sTools_122\WinOnJET.exe" = C:\Dokumente und Einstellungen\XXXXX\Desktop\Apps\sTools_122\WinOnJET.exe:*:Disabled:WinOnJET Client
"C:\Programme\Winamp\winamp_normal.exe" = C:\Programme\Winamp\winamp_normal.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe" = C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (Panda Security)
"C:\Dokumente und Einstellungen\XXXXX\Desktop\neues\dolphin-3.0-win32\Dolphin.exe" = C:\Dokumente und Einstellungen\XXXXX\Desktop\neues\dolphin-3.0-win32\Dolphin.exe:*:Disabled:Dolphin
"C:\GAMES\Privateer\bin\soundserver.exe" = C:\GAMES\Privateer\bin\soundserver.exe:*:Disabled:soundserver -- ()
"D:\Audials\Audials_8_0_54900_0_portable\Audials.exe" = D:\Audials\Audials_8_0_54900_0_portable\Audials.exe:*:Disabled:Audials -- ()
"C:\Programme\pdf24\pdf24-Updater.exe" = C:\Programme\pdf24\pdf24-Updater.exe:*:Disabled:PDF24 Creator -- (Geek Software GmbH)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Programme\IObit\IObit Security 360\is360tray.exe" = C:\Programme\IObit\IObit Security 360\is360tray.exe:*:Enabled:IObit Security 360
"C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Programme\Panda Security\WAC\AVCIMAN.EXE" = C:\Programme\Panda Security\WAC\AVCIMAN.EXE:*:Disabled:Panda Interface Manager Application [Local and Mail Alerts] -- (Panda Security S.L.)
"C:\Dokumente und Einstellungen\XXXXX\Desktop\neues\stinger10.2.0.284.exe" = C:\Dokumente und Einstellungen\XXXXX\Desktop\neues\stinger10.2.0.284.exe:*:Disabled:stinger10.2.0.284 -- (McAfee Inc.)
"C:\Programme\Panda Security\WAC\WEBPROXY.EXE" = C:\Programme\Panda Security\WAC\WEBPROXY.EXE:*:Disabled:Internet resident proxy -- (Panda Security International)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Citrix\ICA Client\wfica32.exe" = C:\Programme\Citrix\ICA Client\wfica32.exe:*:Disabled:Citrix -- (Citrix Systems, Inc.)
"C:\Programme\Malwarebytes' Anti-Malware\mbam.com" = C:\Programme\Malwarebytes' Anti-Malware\mbam.com:*:Disabled:Malwarebytes' Anti-Malware -- ()
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Disabled:Windows Genuine Advantage-Benachrichtigungen -- (Microsoft Corporation)
"C:\WINDOWS\system32\msfeedssync.exe" = C:\WINDOWS\system32\msfeedssync.exe:*:Enabled:Microsoft Feeds Synchronization -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Gemeinsame Dateien\Java\Java Update\jaucheck.exe" = C:\Programme\Gemeinsame Dateien\Java\Java Update\jaucheck.exe:*:Enabled:Java(TM) Update Client Checker -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\XXXXX\Desktop\neues\OTH.scr" = C:\Dokumente und Einstellungen\XXXXX\Desktop\neues\OTH.scr:*:Enabled:OTH -- (OldTimer Tools)
"C:\Programme\Malwarebytes' Anti-Malwa\mbam.exe" = C:\Programme\Malwarebytes' Anti-Malwa\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\Temporary Internet Files\Content.IE5\N9ZIQRLG\tdsskiller[1].exe" = C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\Temporary Internet Files\Content.IE5\N9ZIQRLG\tdsskiller[1].exe:*:Disabled:TDSS rootkit removing tool -- (Kaspersky Lab ZAO)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0435DCA4-2633-4290-BB5C-58A52F2B77A3}" = MagicMaps Tour Explorer 25 Deutschland 5 Demo
"{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1" = PDF-Tools 4
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web)
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}" = ATI Catalyst Control Center
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65163326-FA1A-4385-8668-83AFEEAE96AF}" = FreeUndelete 2.0.35248.1
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{87D6CF41-5817-4725-8AB2-90E6B20EDE02}" = Bentley View V8i (SELECTseries 1) 08.11.07.171
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{A117C809-A34F-4D18-BFD1-917B20FC9F31}" = Panda Endpoint Protection
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE48AA2A-508F-45FD-BEEF-CD14447228AB}" = Panda Endpoint Agent
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX)
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AndrewLabs ATSurround for Winamp" = AndrewLabs ATSurround for Winamp
"ATI Display Driver" = ATI Display Driver
"CanonMyPrinter" = Canon My Printer
"CDex" = CDex extraction audio
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"EF Duplicate MP3 Finder" = EF Duplicate MP3 Finder
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniLyrics" = Minilyrics(remove only)
"MiniTube" = MiniTube v1.0
"Ml_Icons" = Ml_Icons 0.3
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Mp3tag" = Mp3tag v2.44
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OSM" = JOSM 4279
"PCOP Agent" = Panda Endpoint Agent
"PCOP Endpoint" = Panda Endpoint Protection
"PROPLUS" = Microsoft Office Professional Plus 2007
"Tunatic" = Tunatic
"VegaStrike-Privateer" = VegaStrike Privateer
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"Winamp Offizielle Deutsche Sprachdatei Plus" = Winamp Offizielle Deutsche Sprachdatei Plus v5.60.1
"Winamp5MLImpex" = Winamp 5 Media Liabrary Import/Export (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPowerPro" = PowerPro 4.9 (remove only)
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2011 02:59:34 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0234001f.
Error - 23.08.2011 03:00:59 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul atioglxx.dll, Version 6.14.10.5885, Fehleradresse 0x00165c83.
Error - 23.08.2011 03:02:36 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul atioglxx.dll, Version 6.14.10.5885, Fehleradresse 0x00165c83.
Error - 23.08.2011 03:05:23 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x10076310.
Error - 23.08.2011 03:05:24 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x10076310.
Error - 23.08.2011 03:20:12 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul dolphin.exe, Version 0.0.0.0, Fehleradresse 0x002ecabd.
Error - 23.08.2011 03:20:13 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul dolphin.exe, Version 0.0.0.0, Fehleradresse 0x000f1c6c.
Error - 23.08.2011 10:33:14 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.2.3161, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00019af2.
Error - 28.08.2011 23:44:01 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul d3dx9_40.dll, Version 9.24.950.2656, Fehleradresse 0x001762e7.
Error - 28.08.2011 23:45:26 | Computer Name = DLRO1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dolphin.exe, Version 0.0.0.0, fehlgeschlagenes
Modul d3dx9_40.dll, Version 9.24.950.2656, Fehleradresse 0x001762e7.
[ OSession Events ]
Error - 25.02.2011 07:33:44 | Computer Name = DLRO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.02.2011 07:34:22 | Computer Name = DLRO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.05.2011 03:07:28 | Computer Name = DLRO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.05.2011 03:07:42 | Computer Name = DLRO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.05.2011 03:07:51 | Computer Name = DLRO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.05.2011 03:12:31 | Computer Name = DLRO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.07.2011 03:42:49 | Computer Name = DLRO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10326
seconds with 1200 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 20.09.2011 23:49:55 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 20.09.2011 23:50:36 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 20.09.2011 23:51:07 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 20.09.2011 23:59:31 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 21.09.2011 00:00:25 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 21.09.2011 00:01:08 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 21.09.2011 00:06:30 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 21.09.2011 00:08:17 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 21.09.2011 00:20:50 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 21.09.2011 00:23:13 | Computer Name = DLRO1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
< End of report >
Gruß triplesam Ich möchte jedoch nicht den ganzen PC ("PC1") platt machen! ich habe einen zweiten voll funktionstüchtigen PC hier "PC2" und eine externe Festplatte, die ich sonst immer von PC1 diesem zu PC2 anschließe. Traue mich nicht diese an den anderen anzuschließen, da ich befürchte der Virus ist auch schon auf der Festplatte drauf. Ich habe keine sonstigen Verbindung zwischen den beiden PC´s. Weiß auch nicht wie ich das anstelle, dass da keine Vieren durchschlüpfen können. Auf PC2 habe ich Anitvir drauf. Vieleicht kann ich irgendwie mit PC2 einen Scann auf PC1 durchführen und den Vierus entfernen. Aber natürlich habe ich keine Ahnung wie. Gruß und danke für eure Mühen!!!! Jetzt habe ich es geschaft im abgesicherten Modus die Trojaner zu entfernen. Nachdem ich neu gestartet habe, bestanden die probleme aber weiterhin und er hat wieder einen W32.Katusha.BN gefunden...  hilfeeee. |
|
21.09.2011, 10:14
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-MalwareZitat:
__________________ |
|
21.09.2011, 10:33
| #3 |
| | W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-Malware Es war eine Ersatz-Startdatei für ein Programm das Doppelte Dateien auf dem PC sucht und entfernt "Moleskinsoft Clone Remover 3.8". Programm sowie Ersatz-Startdatei sind vom Pc restlos von mir gelöscht worden. Leider ist die *.Exe davor aber schon ausgeführt worden, die den Virus vermutlich "installiert" hat.
__________________Ich habe im Abgesicherten Modus die Zahlendatei wie oben beschrieben entfernen können, jedoch blockiert der Virus weiterhin meinen Panda und vierenscanner. Nach wiederhohlten Scann im abgesicherten Modus mit Malwarebytes Anti-Malware hat er aber nichtsmehr gefunden. Geändert von triplesam (21.09.2011 um 11:07 Uhr) |
|
21.09.2011, 10:46
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-MalwareZitat:
 Wie kann man "Crack" erst weglassen und dann anfangs behaupten "harmlos aussehend"? Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.09.2011, 11:02
| #5 |
| | W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-Malware Alles klar... Gibt es überhaupt eine Möglich da was zu retten? Vielen dank trotzdem, auch wenn ich gehofft habe weiter zu kommen! |
|
21.09.2011, 11:18
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-MalwareZitat:
__________________ --> W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-Malware |
|
| Themen zu W32.katusha.BN blockt alle Scanner inlkusive Malwarebytes Anti-Malware |
| 0x00000001, 32-bit, 7-zip, alternate, application/pdf, application/pdf:, blockiert, browser, desktop, dll, einstellungen, explorer, firewall, fontcache, frage, helper, hijack, internet, internet explorer, microsoft office word, ntdll.dll, plug-in, prozesse, registry, registry key, registry value, scan, security, software, starten, system, tracker, version=1.0, virus/trojaner, windows, windows internet, windows xp |
Linear-Darstellung
