
Log analysis and evaluation: Virus.Win32.Protector.f & Trojan-Dropper.Win32.delf.eu

15.05.2010, 20:59   #1
windrose
 
Hello everyone,

through my own stupidity I have caught viruses and trojans.

When I clean with Kaspersky, it finds the following:

Virus.Win32.Protector.f
Trojan-Dropper.Win32.delf.eu


but it cannot delete either of them.

When I run Malwarebytes, it also finds 2 trojans:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4103

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2010 2:56:39 PM
mbam-log-2010-05-15 (14-56-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 121172
Laufzeit: 7 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.



In both cases it cannot delete them after a restart.

Thanks

16.05.2010, 10:42   #2
Larusso
/// Selecta Jahrusso
 
Please do not color the log files; it makes them harder to read.

Step 1

CustomScan with OTL

If you do not already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.


Step 2
  • all other scanners for viruses, spyware, etc. should be disabled,
  • there should be no connection to a network/the Internet (do not forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click "Save" and save the log as Gmer.txt on the desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Please post in your next reply
OTL.txt
Extra.txt
Gmer.txt

16.05.2010, 17:06   #3
windrose
 
Thanks for the quick reply.

OTL file:

Code:
OTL logfile created on: 5/16/2010 7:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\My Documents\My Videos
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 199.99 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUTTLE
Current User Name: Guenther
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/05/16 07:27:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\My Documents\My Videos\OTL.exe
PRC - [2010/05/07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe
PRC - [2007/04/20 14:22:04 | 003,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\postgres.exe
PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/16 07:27:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\My Documents\My Videos\OTL.exe
MOD - [2009/05/25 01:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/05/07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/18 20:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/29 10:50:23 | 000,077,824 | ---- | M] (Extensoft) [Disabled | Stopped] -- C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe -- (Extensions Updates Service)
SRV - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/05/11 07:51:56 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/07/07 18:27:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/18 18:58:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/18 18:58:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/18 18:58:48 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/06/18 18:58:46 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/28 03:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/13 22:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 22:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 22:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 22:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/03 03:40:56 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/07/06 14:16:34 | 000,016,000 | ---- | M] (USBest Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UT_FPRd.sys -- (USB_FPRd)
DRV - [2007/06/19 22:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/02 11:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/16 17:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://cm.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 12:36:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 12:36:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/05/11 19:21:20 | 000,000,000 | ---D | M]
 
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/05/11 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions
[2010/03/25 19:45:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/05/10 07:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/04/11 06:25:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 00:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 19:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/04 14:45:48 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/04/12 17:58:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/21 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\foxmarks@kei.com
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\personas@christopher.beard
[2010/03/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\smartbookmarksbar@remy.juteau
[2010/05/04 22:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com
[2010/03/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\weatherwatcherlive@singerscreations.com
[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\diigo--google.xml
[2010/04/30 17:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin-1.xml
[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin.xml
[2010/05/11 21:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 21:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/05/11 21:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/07/11 00:39:25 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2010/05/11 19:13:11 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\RunServices: [4.tmp] c:\docume~1\guenther\locals~1\temp\4.tmp File not found
O4 - HKLM..\RunServices: [EnhancementSearchHelper] c:\program files\microsoft\search enhancement pack\search helper\extentionsearchhelper1.2.118.0.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243652328765 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 22:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/05/15 07:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guenther\Recent
[2010/05/13 08:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\Malwarebytes
[2010/05/13 08:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/13 08:13:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/12 19:47:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/11 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/05/11 19:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/05/11 19:20:15 | 000,477,784 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/11 19:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/05/11 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/11 17:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/05/11 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/11 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/11 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\easyHDR PRO 2
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\easyHDR PRO 2
[2010/05/08 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/07 12:37:58 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll
[2010/05/07 00:19:06 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2010/05/07 00:19:02 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2010/05/05 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/05 13:21:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/04 16:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\AVG
[2010/05/01 17:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\ACD Systems
[2010/05/01 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2010/05/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/05/01 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\Downloaded Installations
[2010/04/11 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Navigator Systems
[2010/04/07 07:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\Bank
[2010/04/03 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/04/03 05:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/31 08:43:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/03/28 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\vlc
[2010/03/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/25 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/03/25 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/05/16 07:24:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 07:22:05 | 000,194,667 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/16 07:22:05 | 000,018,980 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/05/16 07:22:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 07:22:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/15 22:19:46 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Guenther\NTUSER.DAT
[2010/05/13 08:13:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 19:22:05 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/11 19:22:05 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/11 07:51:56 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2010/05/07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll
[2010/05/07 06:41:19 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2010/05/04 16:05:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/16 21:25:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:43 | 000,025,262 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2010/03/26 06:46:02 | 000,019,072 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/26 06:14:17 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 06:14:17 | 000,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 06:14:17 | 000,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 06:12:14 | 002,004,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/05/13 08:13:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 19:22:05 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/11 19:22:05 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/04/16 21:25:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:40 | 000,025,262 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2009/07/07 18:27:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/06/18 20:49:29 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/18 17:18:05 | 000,000,609 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/05/29 22:30:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/05/29 22:30:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/20 16:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/02/28 08:00:00 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2002/12/13 12:50:00 | 000,021,696 | ---- | C] () -- C:\WINDOWS\System32\lmpcl5d$.ini
 
========== LOP Check ==========
 
[2010/05/01 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/07/07 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/05/11 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/06/18 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/31 08:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/06/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions
[2010/03/28 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/07/25 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2010/05/08 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/18 22:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/30 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/07 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C806443-3EF6-4749-9244-5B8BB16AC237}
[2009/07/07 18:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{44C0A247-3014-411F-95CB-B1729C1B82D5}
[2009/06/18 20:30:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/06/18 17:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6E81C7A8-EA69-4F66-A6DA-F1E4B472DE1C}
[2010/04/03 05:36:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/07/07 13:08:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E43D54EF-B3D5-44DC-8466-C4CC70E63FDD}
[2010/05/01 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2009/06/18 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Acronis
[2009/07/07 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\AquaSoft
[2010/05/15 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Azureus
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Barbecue
[2009/06/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\COWON
[2009/07/11 00:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit
[2009/09/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit Software
[2009/07/23 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Jpeg Resampler
[2009/07/28 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\jpg-Illuminator
[2009/06/19 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\kikin
[2009/07/03 11:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mp3tag
[2010/05/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2009/06/18 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\OpenOffice.org
[2009/08/26 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PanoramaStudio
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PhotoAlbum
[2010/04/17 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\SpeedProject
[2009/09/18 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TomTom
[2009/06/18 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TuneUp Software
[2009/07/07 18:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\WebShow
[2009/06/02 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Desktop Search
[2009/06/18 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009/05/29 22:18:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 16:05:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2009/06/18 19:14:10 | 2567,319,550 | ---- | M] () -- C:\CleanSystem.tib
[2009/05/29 22:18:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/29 22:18:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/29 22:18:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/29 23:16:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 07:21:58 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009/05/29 15:08:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/05/29 15:08:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/05/29 15:08:00 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/05/07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl2.sys
[2010/05/11 19:20:15 | 000,477,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/11 07:51:56 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
         
Extras-File:

Code:
OTL Extras logfile created on: 5/16/2010 7:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\My Documents\My Videos
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 199.99 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUTTLE
Current User Name: Guenther
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15CA0C1F-3F1E-40D2-9B58-9DD570C8EE11}" = AquaSoft PhotoAlbum
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1D243F00-1389-4C63-A7E9-B17E967D1901}" = WebEx Record and Playback
"{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42A96544-2842-444E-8A27-A61848DDEC87}" = Adobe Photoshop Lightroom 2.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A85524E-9681-41D1-976B-8E6954055500}" = Simply Accounting by Sage 2007
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 Beta
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.5 Free
"{77EDEF61-D63C-4441-9BEC-1874CE56FF6E}" = WeatherProfessional
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8004C8-A4CB-4493-A0BD-683A648204A8}" = AquaSoft WebShow 3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}" = Belkin Bulldog Plus
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6
"AquaSoft PhotoAlbum" = AquaSoft PhotoAlbum
"AquaSoft WebShow 3" = AquaSoft WebShow 3
"CCleaner" = CCleaner
"easyHDR_PRO_2" = easyHDR PRO 2
"eMule" = eMule
"Extensions for Windows" = Extensions for Windows
"Finger Printer Driver_is1" = FPRD 1.7
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FTDICOMM" = eQ-3 USB Serial Converter Drivers
"ie8" = Windows Internet Explorer 8
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 Beta
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"kikin plugin (Murb.com Edition)" = kikin plugin (Murb.com Edition) 1.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.44
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PanoramaStudio" = PanoramaStudio 1.6 (deinstallieren)
"PhotoFiltre" = PhotoFiltre
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2.2
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.8
"PowerISO" = PowerISO
"SpeedCommander 13" = SpeedCommander 13
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Total Uninstall 5 & Power Dream_is1" = Total Uninstall 5.2.0
"Viveza" = Viveza
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WeatherProfessional" = WeatherProfessional
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Messenger Remover" = Windows Messenger Remover 1.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/14/2010 5:49:04 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 5:53:10 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 5:57:31 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:01:37 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:05:49 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:10:08 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:44:58 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:49:11 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:53:31 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
Error - 5/14/2010 6:57:44 PM | Computer Name = SHUTTLE | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating.  Details:
	This
 operation returned because the timeout period expired.   (0x800705b4) 
 
[ System Events ]
Error - 4/15/2010 7:38:37 AM | Computer Name = SHUTTLE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 MARMALON-PC  that believes that it is the master browser for the domain on transport
 NetBT_Tcpip_{B9637D46-9AA5-4D.  The master browser is stopping or an election is 
being forced.
 
Error - 4/15/2010 3:28:06 PM | Computer Name = SHUTTLE | Source = Print | ID = 23
Description = Printer Lexmark T630,0 failed to initialize because a suitable Lexmark
 T630 driver could not be found.
 
Error - 4/16/2010 6:37:01 AM | Computer Name = SHUTTLE | Source = Print | ID = 23
Description = Printer Lexmark T630,0 failed to initialize because a suitable Lexmark
 T630 driver could not be found.
 
 
< End of report >
         
__________________

Alt 16.05.2010, 17:10   #4
windrose
 

I have uploaded the 3 files as attachments. That should be easier.

Greetings from Florida

Gunther
Attached files
File type: txt Extras.Txt (36.4 KB, viewed 263 times)
File type: txt OTL.Txt (74.8 KB, viewed 307 times)
File type: txt Gmer.txt (36.9 KB, viewed 275 times)

Alt 16.05.2010, 17:31   #5
Larusso
/// Selecta Jahrusso
 

Is someone pulling my leg here? Florida, pff, it feels like 3 degrees over here.

Oh, and please don't attach the logs. Thanks


Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
  • Disable your anti-virus and anti-spyware programs. You can usually do this by right-clicking the system tray icon. Otherwise these programs could interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kinds of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the license agreement (EULA) as soon as you are prompted to.
**For your information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the scan for malware.

When ComboFix has finished, it will create a log. Please include C:\ComboFix.txt in your next reply.

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 16.05.2010, 20:00   #6
windrose
 

I was back in Vienna only in February, and it was simply too cold for me there. Now we have 28°C

Unfortunately I can't run ComboFix, because the following error message appears:

C:\Documents and Settings\Guenther\Desktop\Combofix.exe

This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

Greetings, Gunther

Alt 16.05.2010, 22:02   #7
Larusso
/// Selecta Jahrusso
 

Please delete the existing Combofix.exe.

Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved to the desktop**



  • Disable your anti-virus and anti-spyware programs. You can usually do this by right-clicking the system tray icon. Otherwise these programs could interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the prompts.
    • When ComboFix has finished, it will create a log for you.
    • Please post the contents of C:\ComboFix.txt here in the thread.

16.05.2010, 23:38   #8
windrose



The first attempt was aborted by a blue screen!

Code:
ATTFilter
ComboFix 10-05-16.01 - Guenther 05/16/2010  17:28:08.2.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2691 [GMT -4:00]
Running from: c:\documents and settings\Guenther\Desktop\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\eMule\lang\ar_AE.dll
c:\program files\eMule\lang\ba_BA.dll
c:\program files\eMule\lang\bg_BG.dll
c:\program files\eMule\lang\ca_ES.dll
c:\program files\eMule\lang\cz_CZ.dll
c:\program files\eMule\lang\da_DK.dll
c:\program files\eMule\lang\de_DE.dll
c:\program files\eMule\lang\el_GR.dll
c:\program files\eMule\lang\es_AS.dll
c:\program files\eMule\lang\es_ES_T.dll
c:\program files\eMule\lang\et_EE.dll
c:\program files\eMule\lang\fa_IR.dll
c:\program files\eMule\lang\fi_FI.dll
c:\program files\eMule\lang\fr_BR.dll
c:\program files\eMule\lang\fr_FR.dll
c:\program files\eMule\lang\gl_ES.dll
c:\program files\eMule\lang\he_IL.dll
c:\program files\eMule\lang\hu_HU.dll
c:\program files\eMule\lang\it_IT.dll
c:\program files\eMule\lang\jp_JP.dll
c:\program files\eMule\lang\ko_KR.dll
c:\program files\eMule\lang\lt_LT.dll
c:\program files\eMule\lang\lv_LV.dll
c:\program files\eMule\lang\mt_MT.dll
c:\program files\eMule\lang\nb_NO.dll
c:\program files\eMule\lang\nl_NL.dll
c:\program files\eMule\lang\nn_NO.dll
c:\program files\eMule\lang\pl_PL.dll
c:\program files\eMule\lang\pt_BR.dll
c:\program files\eMule\lang\pt_PT.dll
c:\program files\eMule\lang\ro_RO.dll
c:\program files\eMule\lang\ru_RU.dll
c:\program files\eMule\lang\sl_SI.dll
c:\program files\eMule\lang\sq_AL.dll
c:\program files\eMule\lang\sv_SE.dll
c:\program files\eMule\lang\tr_TR.dll
c:\program files\eMule\lang\ua_UA.dll
c:\program files\eMule\lang\ug_CN.dll
c:\program files\eMule\lang\va_ES.dll
c:\program files\eMule\lang\va_ES_RACV.dll
c:\program files\eMule\lang\vi_VN.dll
c:\program files\eMule\lang\zh_CN.dll
c:\program files\eMule\lang\zh_TW.dll
c:\windows\windows_messenger.exe

.
(((((((((((((((((((((((((   Files Created from 2010-04-16 to 2010-05-16  )))))))))))))))))))))))))))))))
.

2010-05-16 21:27 . 2010-05-16 21:27	--------	d-----w-	c:\windows\LastGood
2010-05-13 12:13 . 2010-05-13 12:13	--------	d-----w-	c:\documents and settings\Guenther\Application Data\Malwarebytes
2010-05-13 12:13 . 2010-04-29 19:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 12:13 . 2010-05-13 12:13	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-13 12:13 . 2010-05-13 12:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 12:13 . 2010-04-29 19:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-12 23:47 . 2010-05-12 23:47	--------	d-----w-	C:\found.000
2010-05-11 21:46 . 2010-05-11 21:46	--------	d-----w-	c:\program files\Enigma Software Group
2010-05-11 21:45 . 2010-05-11 23:19	--------	d-----w-	c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-11 21:45 . 2010-05-11 21:45	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-05-11 18:34 . 2010-05-11 21:35	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-05-11 18:20 . 2010-05-11 21:31	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-05-08 21:41 . 2010-05-13 17:59	--------	d-----w-	c:\program files\easyHDR PRO 2
2010-05-08 21:41 . 2010-05-08 21:41	--------	d-----w-	c:\documents and settings\Guenther\easyHDR PRO 2
2010-05-08 21:14 . 2010-05-08 21:16	--------	d-----w-	c:\documents and settings\Guenther\Application Data\onOne Software
2010-05-08 21:14 . 2010-05-08 21:14	--------	d-----w-	c:\program files\onOne Software
2010-05-08 21:14 . 2010-05-08 21:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\onOne Software
2010-05-05 18:47 . 2010-05-13 18:05	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-05 17:21 . 2010-05-05 17:21	--------	d-----w-	C:\$AVG
2010-05-05 02:01 . 2010-05-04 11:26	650240	----a-w-	c:\documents and settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2010-05-04 20:32 . 2010-05-11 23:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg9
2010-05-04 20:32 . 2010-05-04 20:32	--------	d-----w-	c:\program files\AVG
2010-05-01 21:55 . 2010-05-01 22:03	--------	d-----w-	c:\documents and settings\Guenther\Local Settings\Application Data\ACD Systems
2010-05-01 21:55 . 2010-05-01 21:55	--------	d-----w-	c:\documents and settings\Guenther\Application Data\ACD Systems
2010-05-01 21:52 . 2010-05-01 21:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\ACD Systems
2010-05-01 21:52 . 2010-05-13 17:53	--------	d-----w-	c:\program files\Common Files\ACD Systems
2010-05-01 21:52 . 2010-05-01 21:52	--------	d-----w-	c:\program files\ACD Systems
2010-05-01 21:50 . 2010-05-01 21:50	--------	d-----w-	c:\documents and settings\Guenther\Local Settings\Application Data\Downloaded Installations

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 19:10 . 2010-03-28 22:52	--------	d-----w-	c:\documents and settings\Guenther\Application Data\vlc
2010-05-16 11:34 . 2009-06-19 01:41	1	----a-w-	c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-15 11:03 . 2009-06-19 01:48	--------	d-----w-	c:\documents and settings\Guenther\Application Data\Azureus
2010-05-13 18:07 . 2009-05-30 02:29	--------	d-----w-	c:\program files\FPRD
2010-05-13 18:07 . 2009-06-19 02:16	--------	d-----w-	c:\program files\kikin
2010-05-13 18:07 . 2010-03-26 01:00	--------	d-----w-	c:\program files\JRE
2010-05-13 18:07 . 2009-07-23 18:16	--------	d-----w-	c:\program files\JPEG Resampler
2010-05-13 18:06 . 2009-06-19 14:41	--------	d-----w-	c:\program files\JetAudio
2010-05-13 18:05 . 2009-07-03 15:35	--------	d-----w-	c:\program files\Mp3tag
2010-05-13 18:05 . 2009-07-03 14:43	--------	d-----w-	c:\program files\MP3Gain
2010-05-13 18:04 . 2009-06-19 02:19	--------	d-----w-	c:\program files\Windows Messenger Remover
2010-05-13 18:04 . 2009-05-30 03:46	--------	d-----w-	c:\program files\Windows Media Connect 2
2010-05-13 18:03 . 2009-06-02 16:47	--------	d-----w-	c:\program files\Windows Desktop Search
2010-05-13 18:03 . 2009-06-18 21:18	--------	d-----w-	c:\program files\WeatherProfessional
2010-05-13 18:03 . 2009-06-19 01:47	--------	d-----w-	c:\program files\Vuze
2010-05-13 18:02 . 2009-07-25 18:02	--------	d-----w-	c:\program files\Total Uninstall 5
2010-05-13 18:02 . 2009-06-19 02:40	--------	d-----w-	c:\program files\TomTom HOME 2
2010-05-13 18:02 . 2009-05-30 03:07	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-05-13 18:02 . 2009-07-17 17:11	--------	d-----w-	c:\program files\Thoosje Vista Sidebar
2010-05-13 18:01 . 2009-07-21 00:07	--------	d-----w-	c:\program files\PowerISO
2010-05-13 18:01 . 2009-06-30 16:30	--------	d-----w-	c:\program files\PhotomatixPro3
2010-05-13 18:01 . 2009-07-19 17:49	--------	d-----w-	c:\program files\PhotoFiltre
2010-05-13 17:59 . 2009-06-19 02:26	--------	d-----w-	c:\program files\Extensions for Windows
2010-05-13 17:59 . 2009-06-29 23:14	--------	d-----w-	c:\program files\eMule
2010-05-13 17:58 . 2010-03-26 00:39	--------	d-----w-	c:\program files\Common Files\Skype
2010-05-13 17:55 . 2009-06-19 14:41	--------	d-----w-	c:\program files\Common Files\COWON
2010-05-13 17:52 . 2009-07-06 20:38	--------	d-----w-	c:\program files\CheckDrive
2010-05-13 17:52 . 2009-06-19 02:21	--------	d-----w-	c:\program files\CCleaner
2010-05-13 17:52 . 2009-09-04 18:37	--------	d-----w-	c:\program files\Belkin Bulldog Plus
2010-05-09 22:43 . 2009-06-19 02:08	--------	d-----w-	c:\documents and settings\Guenther\Application Data\Skype
2010-05-09 22:43 . 2009-06-19 02:09	--------	d-----w-	c:\documents and settings\Guenther\Application Data\skypePM
2010-05-08 21:14 . 2009-05-30 02:24	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-26 02:08 . 2009-06-19 02:08	--------	d-----r-	c:\program files\Skype
2010-04-17 10:47 . 2009-06-19 00:15	--------	d-----w-	c:\program files\Simply Accounting Basic 2007
2010-04-17 10:38 . 2009-06-19 00:23	--------	d-----w-	c:\documents and settings\Guenther\Application Data\SpeedProject
2010-04-17 10:35 . 2009-06-19 00:22	--------	d-----w-	c:\program files\SpeedProject
2010-04-11 10:26 . 2009-06-19 00:34	181096	----a-w-	c:\documents and settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\FlashGot.exe
2010-04-07 22:58 . 2010-04-07 22:58	568832	----a-w-	c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-04-07 22:58 . 2010-04-07 22:58	655872	----a-w-	c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-04-07 22:58 . 2010-04-07 22:58	686080	----a-w-	c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-04-07 22:58 . 2010-04-07 22:58	583168	----a-w-	c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-04-07 22:58 . 2010-04-07 22:58	224768	----a-w-	c:\documents and settings\Guenther\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\19D5.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-04-03 20:00 . 2010-04-03 20:00	--------	d-----w-	c:\documents and settings\postgres\Application Data\TuneUp Software
2010-04-03 10:00 . 2010-04-03 10:00	--------	d-----w-	c:\documents and settings\LocalService\Application Data\TuneUp Software
2010-04-03 09:36 . 2010-04-03 09:36	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-02 11:58 . 2009-06-19 00:30	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2010-03-31 12:43 . 2010-03-31 12:43	--------	d--h--w-	c:\documents and settings\All Users\Application Data\CanonBJ
2010-03-28 21:17 . 2010-03-28 21:17	--------	d-----w-	c:\documents and settings\All Users\Application Data\ICQ
2010-03-26 10:46 . 2009-06-02 16:48	19072	----a-w-	c:\documents and settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-26 01:00 . 2009-06-19 00:13	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-03-10 06:15 . 2006-02-28 12:00	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2006-02-28 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-02-28 12:00	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2006-02-28 12:00	2146304	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59	2024448	----a-w-	c:\windows\system32\ntkrnlpa.exe
2009-07-15 17:27 . 2009-06-18 21:14	13087008	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-15 17:27 . 2009-06-18 21:14	744736	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2009-06-09 15:40	429280	----a-w-	c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MUPS.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MUPS.lnk
backup=c:\windows\pss\MUPS.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Guenther^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Guenther\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-09-14 09:55	140568	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-09-14 10:02	905056	----a-w-	c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-01 02:43	69632	------r-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 20:00	174872	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-28 07:03	13684736	----a-w-	c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-28 07:03	86016	----a-w-	c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-03-28 07:03	1657376	----a-w-	c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-10 22:49	16377344	------r-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-01-21 21:19	92168	----a-w-	c:\program files\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 12:23	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-09-14 09:52	2595480	----a-w-	c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\WeatherProfessional\database\bin\pg_ctl.exe [4/20/2007 2:22 PM 79324]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
R3 USB_FPRd;FingerPrinterReader;c:\windows\system32\drivers\UT_FPRd.sys [5/29/2009 10:29 PM 16000]
S0 jsoiuong;jsoiuong;c:\windows\system32\drivers\kkkdwju.sys --> c:\windows\system32\drivers\kkkdwju.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/7/2009 6:27 PM 717296]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/13/2010 8:13 AM 38224]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [8/16/2005 5:50 PM 278016]
S4 Extensions Updates Service;Extensions Updates Service;c:\program files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe [10/29/2008 10:50 AM 77824]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\documents and settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - component: c:\documents and settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpywareTerminator - c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-16 17:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\relog_ap.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-16  17:34:48
ComboFix-quarantined-files.txt  2010-05-16 21:34

Pre-Run: 217,234,444,288 bytes free
Post-Run: 217,196,175,360 bytes free

- - End Of File - - 61C7ADA87C289A2D334FC8E262C1DDB5
         

17.05.2010, 14:47   #9
Larusso
/// Selecta Jahrusso



CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following contents into the text box.
Code:
ATTFilter
/md5start
ndis.sys
/md5stop
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.


Step 2

Open Windows Explorer (Windows key + E) and go to => Tools => Folder Options => on the "View" tab
  • Files and Folders: uncheck "Hide extensions for known file types"
  • Files and Folders: uncheck "Hide protected operating system files (Recommended)"
  • Files and Folders: check "Display the contents of system folders" (not present in Vista)
  • Hidden files and folders: select "Show hidden files and folders"

Under no circumstances delete a file or folder without being instructed to!!!

Step 3

Please have the files from the code box checked at Virustotal
Code:
ATTFilter
c:\windows\system32\drivers\kkkdwju.sys
         
So proceed as described here:
  • Open this website: virustotal
  • Click "Browse"
  • Locate the file on your computer --> double-click the file to be checked (or copy the contents from the code box)
  • "Send file"
  • Wait until the scan by all virus scanners has finished
  • Click "Filter"
  • then click "Results"
  • select the complete result (as you receive it)
    and copy it in here
If the file is detected as malicious, please do not remove it yet


In your next reply, please post
OTL.txt
The Virustotal results
A report on how the computer is running

17.05.2010, 23:40   #10
windrose



Sorry, but I cannot find the file kkkdwju.sys!!

I also cannot paste the contents of the code box into VirusTotal.

What am I doing wrong?


Code:
ATTFilter
OTL logfile created on: 5/17/2010 5:06:15 PM - Run 2
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 201.70 Gb Free Space | 43.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUTTLE
Current User Name: Guenther
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe
PRC - [2010/05/16 22:15:21 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/16 22:15:21 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/16 22:15:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/16 22:15:21 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/16 22:15:19 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/16 22:15:19 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/05/16 22:15:18 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/04 00:00:02 | 002,630,000 | ---- | M] (SWE Sven Ritter) -- C:\Program Files\SpeedProject\SpeedCommander 13\SpeedCommander.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe
PRC - [2007/04/20 14:22:04 | 003,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\postgres.exe
PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe
MOD - [2009/05/25 01:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/04/13 20:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/05/16 22:15:19 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/16 22:15:18 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/18 20:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/29 10:50:23 | 000,077,824 | ---- | M] (Extensoft) [Disabled | Stopped] -- C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe -- (Extensions Updates Service)
SRV - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/05/16 22:15:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/16 22:15:37 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/16 22:15:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/07/07 18:27:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/18 18:58:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/18 18:58:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/18 18:58:48 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/06/18 18:58:46 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/28 03:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/13 22:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 22:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 22:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 22:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/03 03:40:56 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/07/06 14:16:34 | 000,016,000 | ---- | M] (USBest Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UT_FPRd.sys -- (USB_FPRd)
DRV - [2007/06/19 22:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/02 11:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/16 17:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://cm.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/16 22:15:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/16 22:15:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 12:36:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 12:36:01 | 000,000,000 | ---D | M]
 
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/05/17 06:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions
[2010/03/25 19:45:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/05/10 07:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/04/11 06:25:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 00:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 19:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/04 14:45:48 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/04/12 17:58:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/21 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\foxmarks@kei.com
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\personas@christopher.beard
[2010/03/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\smartbookmarksbar@remy.juteau
[2010/05/04 22:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com
[2010/03/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\weatherwatcherlive@singerscreations.com
[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\diigo--google.xml
[2010/04/30 17:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin-1.xml
[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin.xml
[2010/05/17 06:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/11 00:39:25 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2010/05/16 17:20:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243652328765 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 22:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/05/17 16:53:56 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe
[2010/05/17 06:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\AVG Security Toolbar
[2010/05/16 22:15:40 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/16 22:15:40 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/16 22:15:37 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/16 22:15:33 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/16 22:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/16 22:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/05/16 22:15:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/16 21:58:20 | 095,153,416 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Guenther\Desktop\avg_free_stf_eu_90_819a2842.exe
[2010/05/16 17:27:28 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/05/16 17:02:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/16 16:59:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/16 16:59:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/16 16:59:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/16 16:59:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/16 16:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/16 16:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/15 07:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guenther\Recent
[2010/05/13 08:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\Malwarebytes
[2010/05/13 08:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/13 08:13:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/12 19:47:23 | 000,000,000 | ---D | C] -- C:\found.000
[2010/05/11 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/11 17:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/05/11 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/11 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/11 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\easyHDR PRO 2
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\easyHDR PRO 2
[2010/05/08 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/05 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/05 13:21:38 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/04 16:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\AVG
[2010/05/01 17:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\ACD Systems
[2010/05/01 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2010/05/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/05/01 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\Downloaded Installations
[2010/04/11 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Navigator Systems
[2010/04/07 07:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\Bank
[2010/04/03 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/04/03 05:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/31 08:43:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/03/28 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\vlc
[2010/03/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/25 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/03/25 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe
[2010/05/17 16:47:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/17 16:47:00 | 000,194,667 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/17 16:47:00 | 000,018,980 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/05/17 16:46:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/17 16:46:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 07:19:56 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Guenther\NTUSER.DAT
[2010/05/17 06:58:21 | 060,075,572 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/16 22:15:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/16 22:15:40 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/16 22:15:40 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/05/16 22:15:37 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/16 22:15:33 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/16 22:15:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/16 22:12:32 | 095,153,416 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Guenther\Desktop\avg_free_stf_eu_90_819a2842.exe
[2010/05/16 17:33:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/16 17:20:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/16 17:02:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/16 16:23:29 | 003,689,722 | R--- | M] () -- C:\Documents and Settings\Guenther\Desktop\Combo-Fix.exe
[2010/05/16 11:07:55 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/16 07:35:26 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc
[2010/05/13 08:13:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 16:05:48 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/16 21:25:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:43 | 000,025,262 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2010/03/26 06:46:02 | 000,019,072 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/26 06:14:17 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 06:14:17 | 000,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 06:14:17 | 000,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 06:12:14 | 002,004,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/05/16 22:15:40 | 000,001,516 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/05/16 22:15:33 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/16 22:15:28 | 060,075,572 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/16 17:02:47 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/05/16 17:02:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/16 16:59:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/16 16:59:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/16 16:59:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/16 16:59:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/16 16:59:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/16 16:23:29 | 003,689,722 | R--- | C] () -- C:\Documents and Settings\Guenther\Desktop\Combo-Fix.exe
[2010/05/16 07:35:26 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc
[2010/05/13 08:13:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 21:25:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:40 | 000,025,262 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2009/07/07 18:27:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/06/18 20:49:29 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/18 17:18:05 | 000,000,609 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/05/29 22:30:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/05/29 22:30:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/20 16:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2002/12/13 12:50:00 | 000,021,696 | ---- | C] () -- C:\WINDOWS\System32\lmpcl5d$.ini
 
========== LOP Check ==========
 
[2010/05/01 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/07/07 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/05/16 22:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/05/16 22:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/06/18 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/31 08:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/06/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions
[2010/03/28 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/07/25 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2010/05/08 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/18 22:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/30 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/07 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C806443-3EF6-4749-9244-5B8BB16AC237}
[2009/07/07 18:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{44C0A247-3014-411F-95CB-B1729C1B82D5}
[2009/06/18 20:30:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/06/18 17:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6E81C7A8-EA69-4F66-A6DA-F1E4B472DE1C}
[2010/04/03 05:36:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/07/07 13:08:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E43D54EF-B3D5-44DC-8466-C4CC70E63FDD}
[2010/05/01 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2009/06/18 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Acronis
[2009/07/07 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\AquaSoft
[2010/05/15 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Azureus
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Barbecue
[2009/06/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\COWON
[2009/07/11 00:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit
[2009/09/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit Software
[2009/07/23 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Jpeg Resampler
[2009/07/28 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\jpg-Illuminator
[2009/06/19 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\kikin
[2009/07/03 11:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mp3tag
[2010/05/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2009/06/18 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\OpenOffice.org
[2009/08/26 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PanoramaStudio
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PhotoAlbum
[2010/04/17 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\SpeedProject
[2009/09/18 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TomTom
[2009/06/18 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TuneUp Software
[2009/07/07 18:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\WebShow
[2009/06/02 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Desktop Search
[2009/06/18 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
 
< MD5 for: NDIS.SYS  >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006/02/28 08:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
         

18.05.2010, 16:59   #11
Larusso
/// Selecta Jahrusso
 



No problem, these things happen.

Step 1

Cleanup with Malwarebytes' Anti-Malware (Quick-Scan)

Please download Malwarebytes
  • Install the program to the default path.
  • On Vista, remember to start the program as admin; otherwise start it with a double-click.
  • Let it update online (Updates tab) if the program was already on the computer.
  • Select "Quick-Scan durchführen" (perform quick scan) => Scan.
  • When the scan has finished, click "Ergebnisse anzeigen" (show results).
  • For detections in C:\System Volume Information, remove the check mark.
    Otherwise that system restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other detections are checked and press "Entferne Auswahl" (remove selected).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Scan-Berichte" (scan reports).
  • Report how the computer is running now.
A detailed, illustrated guide is available here.


Step 2

Update Java

Your Java version is outdated. Since some malware (e.g. Vundo) gets into the system through Java exploits, Java must be updated and old versions must be removed from the system, because the old versions are a security risk. Download JavaRa by prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).
  • Close all browser windows.
  • Double-click JavaRa.exe to start the program.
  • Choose the language: pick English and click "Select".
  • Click Additional Tasks, then check Remove Useless JRE Files and Remove Sun Download Manager.
  • Click Go, click Ok each time, and close the "Additional Tasks" window again.
  • Click Remove Older Versions to remove old Java versions that are installed on the computer.
  • Click Yes when asked. When JavaRa has finished, a note appears saying that a log file was created; click OK.
  • The log file opens in the editor; please save it and post it here later.
  • Check in Control Panel => Programs whether any Java versions are still present and uninstall them.
  • Restart the computer.
Now download Java (Java Runtime Environment (JRE) 6 Update XX) from Oracle and install it. Before the download you must accept the license terms by selecting "Accept License Agreement". Check the advanced options and deselect the sponsor program (toolbar or similar) if there is one.


Step 3
Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans and do not forget to switch everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: Be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.
  • Press the "ESET Online Scanner" button.
  • Firefox users have to install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users have to allow the installation of an ActiveX control.
  • Tick "Remove found threats" and "Scan archives".
  • Press Start.
  • Signatures are downloaded.
  • The scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Step 4

Please start OTL.exe and click the Quick Scan button.


In your next reply, please post
MBAM log
ESET log
OTL.txt
Report how the computer is running
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

18.05.2010, 22:36   #12
windrose
 



Great that you always answer so quickly!!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4112

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/18/2010 1:12:16 PM
mbam-log-2010-05-18 (13-12-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120912
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


--------------------------------------------------------------------------

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=87bced09f111ce409ac99d71c7b9e4a7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-18 07:57:57
# local_time=2010-05-18 03:57:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 1113323 1113323 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=126610
# found=4
# cleaned=4
# scan_time=7816
C:\Diverse\Download\Foto\Photomatix Pro 3.1 v1.4.8.1 Cracked.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Diverse\Download\Movies\Nie mehr Probleme mit Audio- und Videodateien\FFSetup185.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Diverse\Download\Utlilities\unlocker1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir Win32/Protector.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C


--------------------------------------------------------------------------

Code:
OTL logfile created on: 5/18/2010 4:28:18 PM - Run 3
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Guenther\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 201.85 Gb Free Space | 43.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUTTLE
Current User Name: Guenther
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe
PRC - [2007/04/20 14:22:04 | 003,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\WeatherProfessional\database\bin\postgres.exe
PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/18 20:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/29 10:50:23 | 000,077,824 | ---- | M] (Extensoft) [Disabled | Stopped] -- C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe -- (Extensions Updates Service)
SRV - [2007/09/14 07:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 05:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/04/20 14:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/11/08 15:48:56 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/07/07 18:27:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/18 18:58:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/18 18:58:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/18 18:58:48 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/06/18 18:58:46 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/28 03:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/13 22:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 22:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 22:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 22:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/08/14 10:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/03 03:40:56 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/07/06 14:16:34 | 000,016,000 | ---- | M] (USBest Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UT_FPRd.sys -- (USB_FPRd)
DRV - [2007/06/19 22:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/02 11:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/16 17:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://cm.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.17
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 12:36:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 13:44:15 | 000,000,000 | ---D | M]
 
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions
[2009/06/18 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/05/18 13:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions
[2010/03/25 19:45:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/05/10 07:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/04/11 06:25:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 00:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 19:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/04 14:45:48 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/04/12 17:58:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/21 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\foxmarks@kei.com
[2010/04/13 07:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\personas@christopher.beard
[2010/03/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\smartbookmarksbar@remy.juteau
[2010/05/04 22:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\support@lastpass.com
[2010/03/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\extensions\weatherwatcherlive@singerscreations.com
[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\diigo--google.xml
[2010/04/30 17:18:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin-1.xml
[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Guenther\Application Data\Mozilla\Firefox\Profiles\5qj462i5.default\searchplugins\icqplugin.xml
[2010/05/18 13:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/18 13:44:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/18 13:44:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/11 00:39:25 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2010/05/16 17:20:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243652328765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guenther\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 22:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/05/18 13:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/18 13:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/18 13:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/17 16:53:56 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe
[2010/05/16 22:15:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/16 21:58:20 | 095,153,416 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Guenther\Desktop\avg_free_stf_eu_90_819a2842.exe
[2010/05/16 17:27:28 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/05/16 17:02:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/16 16:59:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/16 16:59:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/16 16:59:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/16 16:59:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/16 16:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/16 16:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/15 07:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guenther\Recent
[2010/05/13 08:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\Malwarebytes
[2010/05/13 08:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/13 08:13:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 08:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/12 19:47:23 | 000,000,000 | ---D | C] -- C:\found.000
[2010/05/11 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/11 17:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/05/11 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/11 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/11 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\easyHDR PRO 2
[2010/05/08 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\easyHDR PRO 2
[2010/05/08 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2010/05/08 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/05 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/04 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/04 16:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\AVG
[2010/05/01 17:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\ACD Systems
[2010/05/01 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2010/05/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2010/05/01 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/05/01 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Local Settings\Application Data\Downloaded Installations
[2010/04/11 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Navigator Systems
[2010/04/07 07:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\My Documents\Bank
[2010/04/03 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/04/03 05:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/31 08:43:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/03/28 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guenther\Application Data\vlc
[2010/03/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/25 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/03/25 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/05/18 13:45:17 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Guenther\Desktop\esetsmartinstaller_enu.exe
[2010/05/18 13:35:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 13:34:46 | 000,194,667 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/18 13:34:46 | 000,018,980 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/05/18 13:34:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 13:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 13:33:55 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Guenther\NTUSER.DAT
[2010/05/18 13:26:55 | 000,071,702 | ---- | M] () -- C:\Documents and Settings\Guenther\Desktop\JavaRaSource.zip
[2010/05/18 13:26:41 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Guenther\Desktop\JavaRa.zip
[2010/05/17 16:53:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guenther\Desktop\OTL.exe
[2010/05/16 22:12:32 | 095,153,416 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Guenther\Desktop\avg_free_stf_eu_90_819a2842.exe
[2010/05/16 17:33:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/16 17:20:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/16 17:02:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/16 16:23:29 | 003,689,722 | R--- | M] () -- C:\Documents and Settings\Guenther\Desktop\Combo-Fix.exe
[2010/05/16 11:07:55 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/16 07:35:26 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc
[2010/05/13 08:13:33 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 16:05:48 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/16 21:25:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:43 | 000,025,262 | ---- | M] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2010/03/26 06:46:02 | 000,019,072 | ---- | M] () -- C:\Documents and Settings\Guenther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/26 06:14:17 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 06:14:17 | 000,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 06:14:17 | 000,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 06:12:14 | 002,004,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/05/18 13:45:17 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Guenther\Desktop\esetsmartinstaller_enu.exe
[2010/05/18 13:26:54 | 000,071,702 | ---- | C] () -- C:\Documents and Settings\Guenther\Desktop\JavaRaSource.zip
[2010/05/18 13:26:40 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Guenther\Desktop\JavaRa.zip
[2010/05/16 17:02:47 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/05/16 17:02:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/16 16:59:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/16 16:59:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/16 16:59:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/16 16:59:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/16 16:59:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/16 16:23:29 | 003,689,722 | R--- | C] () -- C:\Documents and Settings\Guenther\Desktop\Combo-Fix.exe
[2010/05/16 07:35:26 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc
[2010/05/13 08:13:33 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 21:25:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\Order Form.xls
[2010/04/07 19:06:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\OFM.xls
[2010/04/02 07:53:40 | 000,025,262 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\cc_20100402_075337.reg
[2009/07/07 18:27:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/06/18 20:49:29 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/18 17:18:05 | 000,000,609 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/05/29 22:30:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/05/29 22:30:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/20 16:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2002/12/13 12:50:00 | 000,021,696 | ---- | C] () -- C:\WINDOWS\System32\lmpcl5d$.ini
 
========== LOP Check ==========
 
[2010/05/01 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/07/07 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/06/18 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/31 08:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/06/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions
[2010/03/28 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/07/25 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2010/05/08 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/18 22:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/30 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/07 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C806443-3EF6-4749-9244-5B8BB16AC237}
[2009/07/07 18:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{44C0A247-3014-411F-95CB-B1729C1B82D5}
[2009/06/18 20:30:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/06/18 17:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6E81C7A8-EA69-4F66-A6DA-F1E4B472DE1C}
[2010/04/03 05:36:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/07/07 13:08:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E43D54EF-B3D5-44DC-8466-C4CC70E63FDD}
[2010/05/01 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\ACD Systems
[2009/06/18 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Acronis
[2009/07/07 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\AquaSoft
[2010/05/15 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Azureus
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Barbecue
[2009/06/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\COWON
[2009/07/11 00:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit
[2009/09/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Foxit Software
[2009/07/23 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Jpeg Resampler
[2009/07/28 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\jpg-Illuminator
[2009/06/19 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\kikin
[2009/07/03 11:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Mp3tag
[2010/05/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\onOne Software
[2009/06/18 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\OpenOffice.org
[2009/08/26 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PanoramaStudio
[2009/07/07 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\PhotoAlbum
[2010/04/17 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\SpeedProject
[2009/09/18 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TomTom
[2009/06/18 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\TuneUp Software
[2009/07/07 18:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\WebShow
[2009/06/02 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Desktop Search
[2009/06/18 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guenther\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
         
-------------------------------------------------------------------------

So far it is running very well!

Regards, Gunther

19.05.2010, 16:16   #13
Larusso
/// Selecta Jahrusso
 
The logfile is clean.

Here are the last few steps for cleaning up your computer.

Step 1

I do not see any running antivirus programs (AVP).

That is dangerous. Sometimes you notice malware through pop-ups or Google redirects etc., but most of the time it runs unnoticed in the background. An AVP can help you find malware. Please download and install one of the following AVPs.

Step 2

Peer-to-peer or file-sharing software

Your logfile(s) show me that you use so-called peer-to-peer or file-sharing programs (in your case Azureus/Vuze; eMule). These programs allow you to exchange data with other users. Nowadays cybercrime is taking on an ever greater status and its scale is enormous. Unfortunately, P2P and file sharing are not exempt from this. It is also used to distribute infected files and is one reason why malware spreads so quickly.
So it is possible that you download an infected file. You can never know where these come from. This kind of software should therefore be used with extreme caution.

Another important point is that distributing media and entertainment files violates copyright law in most countries of the world.
You are thus exposing yourself to the risk of being charged by organizations (or by the author of the "file" himself) that monitor these rights.
Of course there is also a legal way to use this service, for example to download Linux or Open Office.
Nevertheless, I would ask you not to continue using this kind of software.
Please go to

Start --> Control Panel --> Add or Remove Programs

and uninstall (if present) Vuze, eMule, kikin plugin (Murb.com Edition) 1.11

Please let me know if you cannot find any of the listed software.


Step 3
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
:services
:files
:reg
:Commands
[purity]
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Run Fix button.
  • Click on .
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread


Step 4

Please rename Combo-Fix.exe back to Combofix.exe

Uninstalling Combofix

Before the following action, please temporarily disable your antivirus program, any script blocking that may be present, and anti-malware programs again.

Start => Run (on Vista: Windows key + R) => type ComboFix /uninstall there => press Enter - this removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well.

Now re-enable the programs you just disabled.

Step 5

Tool CleanUp

Please start OTL.exe.
Now click the CleanUp button. This will remove most of the tools and logfiles.
If anything still remains, please remove it manually and empty the recycle bin.


Step 6

Automatic Updates

Let's check whether the updates for Windows download automatically. That is the best way to get all the security patches and fixes.

Press Windows key + R. Now copy the following text into the command line

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

and click OK.
Make sure that automatic updates are enabled.

Step 7

To protect yourself against further infections in the future, I recommend a few more programs.
  • SpywareBlaster
    You can find a tutorial on how to use it here

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
    Note: MBAM does not replace antivirus software.

  • Temp File Cleaner
    TFC is a really powerful tool for removing temp files from IE and Windows; it empties the recycle bin and much more.
    It also helps speed up your computer.
    You can download TFC (by OldTimer) here.

  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.

  • Keep your system up to date
    I cannot stress often enough how important it is that the PC is fully up to date.
    Security vulnerabilities are found often enough in Windows' own applications. These "holes" need to be removed, because attackers may use them to gain unauthorized access to your system.
    Every second Tuesday of the month is update day. Please visit the Microsoft Update page for this.

  • Keep your software up to date
    The easiest way to do this is the Secunia Online Software.


Step 8

Tips for safe surfing

These are my suggestions.
Use an alternative browser instead of IE.
I recommend Mozilla Firefox.

For Firefox there are all kinds of add-ons for getting through the WWW safely.
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.

  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.

  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe

Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Best regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie
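
The file-listing and Alternate Data Stream lines of the OTL log posted above, and the double-extension warning in the Don'ts (deinFoto.jpg.exe), can be checked mechanically. The following Python script is an added example, not part of the thread and not OTL's own code; the regular expressions are inferred from the log lines shown in this thread, the extension sets are assumptions, and the last sample line is constructed.

```python
import re
from pathlib import PureWindowsPath

# OTL listing line: [timestamp | size | attributes | M/C] (company) -- path
# Directory lines (LOP Check) carry no "(company)" field at all.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# ADS line: @Alternate Data Stream - N bytes -> host path:stream name
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)
# Assumed extension sets for this example; extend them to taste.
EXECUTABLE = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".xls", ".txt"}

def parse_line(line):
    """Return a dict for a file/directory or ADS line, or None for anything else."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["type"] = "file"
        rec["size"] = int(rec["size"].replace(",", ""))
        return rec
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "size": int(m["size"]),
                "path": m["host"] + ":" + m["stream"]}
    return None

def triage(log_text):
    """Return (reason, path) review candidates; these are hints, not verdicts."""
    findings = []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["type"] == "ads":
            findings.append(("alternate-data-stream", rec["path"]))
            continue
        suffixes = [s.lower() for s in PureWindowsPath(rec["path"]).suffixes]
        if not suffixes or suffixes[-1] not in EXECUTABLE:
            continue
        if len(suffixes) >= 2 and suffixes[-2] in DECOY:
            findings.append(("double-extension", rec["path"]))
        if rec["company"] == "":  # "()" is how this log prints "no company name"
            findings.append(("no-company-executable", rec["path"]))
    return findings

# The first five lines are copied from the log in this thread; the last is constructed.
SAMPLE = r"""
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/16 16:59:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/16 07:35:26 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Guenther\My Documents\viren.doc
[2010/05/11 17:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[2010/05/16 07:40:00 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Guenther\Desktop\deinFoto.jpg.exe
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason:24} {path}")
```

A hit only marks an entry for manual review: a helper tool copied into C:\WINDOWS without version information is reported in the same way as an unknown binary.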

19.05.2010, 23:30   #14
windrose
 
Everything is running great!!!

I have also installed the additional programs that were still missing.

Thanks again for your efforts. I will make a donation right away.

Regards, gunther
