
Log analysis and evaluation: 'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti


23.04.2010, 13:54   #1
trojaja
 
'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti



Hello everyone!

I picked something up a few days ago. I'm not getting anywhere with AntiVir and HijackThis and am asking for your help. I would really, really rather not wipe Windows...

The computer is doing strange things: every 5 minutes an empty folder is created in the directory C:\WINDOWS\Temp, and sometimes AntiVir raises an alarm because of it; strange websites open in the browser; svochst.exe was eating resources (at the beginning, not anymore I think); and although it isn't true (I hope), Windows tells me my firewall is inactive.

I tried to go through the instructions point by point.

Thanks in advance.

(I also googled a lot about this and read a lot about the same virus, but unfortunately I haven't found any solutions that fit my case, since in the end it's usually an individual problem.)




1. I'll do my best

2. CCleaner --> done

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4024

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.04.2010 21:14:07
mbam-log-2010-04-23 (21-14-07).txt

Scan type: Quick scan
Objects scanned: 104250
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

23.04.2010, 14:07   #2
trojaja
 
'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti



-----------------------------------------------------
log.txt
-----------------------------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Australia at 2010-04-23 21:17:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 900 MB (1%) free of 85 GB
Total RAM: 2039 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:03, on 23.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Winexit\Winexit.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Australia\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Australia.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: Winexit.lnk = C:\Program Files\Winexit\Winexit.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6957 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3749761151-401764716-3361445173-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3749761151-401764716-3361445173-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-13 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-05 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-18 16855040]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-20 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-20 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-20 131072]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-01-23 416768]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-05 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-18 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
""= []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2010-04-22 2176512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-03 3882312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
Winexit.lnk - C:\Program Files\Winexit\Winexit.exe

C:\Documents and Settings\Australia\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-20 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-12 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Australia\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe"="C:\Documents and Settings\Australia\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\IXP000.TMP\crypted.exe"="C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\IXP000.TMP\crypted.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\winlogon.exe"="C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\winlogon.exe:*:Enabled:Windows Messanger"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f5dc59c-1606-11df-84a3-9051e48dcac4}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f5dc59d-1606-11df-84a3-9051e48dcac4}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f5dc5a2-1606-11df-84a3-94ac0aec1ad1}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f5dc5a3-1606-11df-84a3-94ac0aec1ad1}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f5dc5a9-1606-11df-84a3-fca769c85c25}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f5dc5aa-1606-11df-84a3-fca769c85c25}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4ff85a-b58f-11de-8473-00224393fe74}]
shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bbd49af-c91b-11de-8477-cab254fafa2b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bbd49b2-c91b-11de-8477-cab254fafa2b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfe34fe-19f2-11df-84a4-f7e7719ee0eb}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfe34ff-19f2-11df-84a4-f7e7719ee0eb}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfe3501-19f2-11df-84a4-f7e7719ee0eb}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfe3504-19f2-11df-84a4-f7e7719ee0eb}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f21127-80a6-11de-845f-d54517746cd0}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f21128-80a6-11de-845f-d54517746cd0}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d6c3026-7fae-11de-845c-e7c8d430d06e}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca9237a2-d030-11de-847a-00224393fe74}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca9237ac-d030-11de-847a-00224393fe74}]
shell\AutoRun\command - explorer .
shell\mobile\command - F:\MobileLaunch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2802592-2ab1-11df-84a5-f74041b7af63}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2802593-2ab1-11df-84a5-f74041b7af63}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e280259b-2ab1-11df-84a5-911e02fae402}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e280259c-2ab1-11df-84a5-911e02fae402}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9fb2356-7fc3-11de-845a-c1b44543c5b1}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9fb2358-7fc3-11de-845a-c1b44543c5b1}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea6fa975-fe50-11de-848d-ec6ca350652e}]
shell\AutoRun\command - H:\Setup_FlipShare.exe
shell\Setup FlipShare\command - H:\Setup_FlipShare.exe


======List of files/folders created in the last 1 months======

2010-04-23 21:17:56 ----D---- C:\rsit
2010-04-22 23:23:58 ----D---- C:\Documents and Settings\Australia\Application Data\Malwarebytes
2010-04-22 23:23:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-22 23:23:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-22 23:02:36 ----D---- C:\Program Files\CCleaner
2010-04-22 02:59:37 ----D---- C:\Documents and Settings\Australia\Application Data\Spyware Terminator
2010-04-22 02:59:25 ----D---- C:\Program Files\Spyware Terminator
2010-04-22 02:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-04-22 02:29:34 ----D---- C:\Program Files\Trend Micro
2010-04-21 03:43:57 ----D---- C:\WINDOWS\Minidump
2010-04-16 00:32:27 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2010-04-14 22:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 22:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 22:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 22:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 22:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 22:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-10 07:00:09 ----D---- C:\Program Files\Common Files\DivX Shared
2010-04-10 07:00:08 ----D---- C:\Program Files\DivX
2010-03-30 23:18:00 ----D---- C:\temp
2010-03-30 09:35:55 ----D---- C:\Documents and Settings\Australia\Application Data\Facebook
2010-03-29 07:31:50 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-29 07:28:34 ----D---- C:\Documents and Settings\Australia\Application Data\Avira
2010-03-29 07:27:13 ----D---- C:\Program Files\Avira
2010-03-29 07:27:13 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-03-24 01:23:41 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2010-03-24 00:28:19 ----A---- C:\WINDOWS\system32\hpz3l3xu.dll
2010-03-24 00:27:10 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2010-03-24 00:27:10 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2010-03-24 00:27:10 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2010-03-24 00:27:10 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2010-03-24 00:27:10 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2010-03-24 00:27:10 ----A---- C:\WINDOWS\system32\HPZidr12.dll

======List of files/folders modified in the last 1 months======

2010-04-23 21:17:31 ----D---- C:\Documents and Settings\Australia\Application Data\Skype
2010-04-23 21:15:11 ----D---- C:\WINDOWS\Temp
2010-04-23 20:50:35 ----D---- C:\Documents and Settings\Australia\Application Data\Azureus
2010-04-23 20:50:25 ----D---- C:\WINDOWS
2010-04-23 20:24:33 ----D---- C:\WINDOWS\Prefetch
2010-04-23 20:20:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-23 19:30:42 ----D---- C:\Documents and Settings\Australia\Application Data\vlc
2010-04-23 18:33:21 ----D---- C:\Documents and Settings\Australia\Application Data\skypePM
2010-04-23 03:06:09 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-23 00:53:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2010-04-23 00:53:59 ----D---- C:\WINDOWS\system32\drivers
2010-04-22 23:23:26 ----D---- C:\Program Files
2010-04-22 23:14:00 ----D---- C:\WINDOWS\Debug
2010-04-22 18:09:48 ----D---- C:\WINDOWS\Registration
2010-04-21 20:29:08 ----D---- C:\Documents and Settings\Australia\Application Data\Adobe
2010-04-21 03:51:15 ----HD---- C:\WINDOWS\inf
2010-04-19 19:04:48 ----SHD---- C:\WINDOWS\Installer
2010-04-19 19:03:55 ----HD---- C:\Config.Msi
2010-04-16 07:28:04 ----D---- C:\Program Files\Winamp
2010-04-16 00:32:10 ----D---- C:\Program Files\Azureus
2010-04-15 00:04:43 ----D---- C:\WINDOWS\system32
2010-04-15 00:04:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-14 22:55:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 22:54:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 22:51:44 ----D---- C:\WINDOWS\ie8updates
2010-04-10 07:00:21 ----D---- C:\WINDOWS\WinSxS
2010-04-10 07:00:09 ----D---- C:\Program Files\Common Files
2010-04-07 03:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-03 00:04:31 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 20:44:38 ----D---- C:\Program Files\Internet Explorer
2010-03-29 07:31:50 ----D---- C:\WINDOWS\repair
2010-03-29 05:41:40 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-03-24 01:25:40 ----D---- C:\Documents and Settings\Australia\Application Data\HP
2010-03-24 01:24:01 ----D---- C:\Program Files\HP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-19 1326528]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-09 10752]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-20 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-18 4816896]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2009-02-13 93696]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-08-12 1752704]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ava1bujm;ava1bujm; C:\WINDOWS\system32\drivers\ava1bujm.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-09 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-09 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-09 21744]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-24 38400]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2009-01-20 933504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-20 267432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-05 226640]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-22 488960]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-04 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Alt 23.04.2010, 14:10   #3
trojaja
 

'TR/Crypt.XPACK.Gen2' und 'Trojan.W32.Grumm ALARM' gefunden in C:\documents and setti



-----------------------------------------------------------------------------
info.txt
-------------------------------------------------------------------------------------

info.txt logfile of random's system information tool 1.06 2010-04-23 21:18:09

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx MPEG-4 5.0.3 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000002}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Asus ACPI Driver-->MsiExec.exe /X{19F5658D-92E8-4A08-8657-D38ABB1574B2}
ASUSUpdate for Eee PC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Azurewave Wireless LAN-->C:\Program Files\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Eee Instant Key-->C:\Program Files\InstallShield Installation Information\{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}\setup.exe -runfromtemp -l0x0009 -removeonly
Eee Storage-->C:\Program Files\ASUS\Eee Storage\uninst.exe
ETDWare PS/2-x86 7.0.4.3 WHQL-->C:\Program Files\Elantech\ETDUninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
IsoBuster 1.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SecureW2 EAP Suite 2.0.2 for Windows-->C:\Program Files\SecureW2\Uninstall.exe
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Super Hybrid Engine-->C:\Program Files\InstallShield Installation Information\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}\setup.exe -runfromtemp -l0x0009 -removeonly
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB 2.0 1.3M UVC WebCam-->C:\WINDOWS\Uninstsxga.bat
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Azureus\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Winexit 3.5-->"C:\Program Files\Winexit\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') [2010-04-22]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-04-22]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') [2010-04-22]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2010-04-22]
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2010-04-22]
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html [2010-04-22]
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html [2010-04-22]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2010-04-22]
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2010-04-22]
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html [2010-04-22]
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2010-04-22]
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2010-04-22]
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2010-04-22]
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2010-04-22]
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2010-04-22]
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2010-04-22]
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2010-04-22]
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2010-04-22]
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2010-04-22]
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2010-04-22]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 [2010-04-22]
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2010-04-22]
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html [2010-04-22]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [2010-04-22]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings [2010-04-22]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Pennergame - Berlin [2010-04-22]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing [2010-04-22]
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-22]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [2010-04-22]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing [2010-04-22]
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2010-04-22]
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Australia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [2010-04-22]
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-22]
O4 - HKLM\..\Policies\Explorer\Run: []  [2010-04-22]
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') [2010-04-22]
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') [2010-04-22]
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') [2010-04-22]
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') [2010-04-22]

======Security center information======

AV: AntiVir Desktop (outdated)

======System event log======

Computer Name: ANDREW
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00248CB3F63C. The IP address being used is 169.254.148.136.

Record Number: 8608
Source Name: Dhcp
Time Written: 20100312184753.000000+600
Event Type: warning
User:

Computer Name: ANDREW
Event Code: 240
Message: A request to suspend power was denied by winlogon.exe.

Record Number: 8584
Source Name: Win32k
Time Written: 20100312084417.000000+600
Event Type: warning
User:

Computer Name: ANDREW
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00248CB3F63C. The IP address being used is 169.254.148.136.

Record Number: 8579
Source Name: Dhcp
Time Written: 20100312081209.000000+600
Event Type: warning
User:

Computer Name: ANDREW
Event Code: 12
Message: The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028e5f&0&00E3) disappeared from the system without first being prepared for removal.

Record Number: 8575
Source Name: PlugPlayManager
Time Written: 20100312080019.000000+600
Event Type: error
User:

Computer Name: ANDREW
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 8572
Source Name: Windows Update Agent
Time Written: 20100311225845.000000+600
Event Type: error
User:

=====Application event log=====

Computer Name: ANDREW
Event Code: 20
Message:
Record Number: 485
Source Name: Google Update
Time Written: 20100117232706.000000+600
Event Type: error
User: ANDREW\Australia

Computer Name: ANDREW
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, stamp 48025c30, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x05e60fd1.

Record Number: 477
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20100114223508.000000+600
Event Type: error
User:

Computer Name: ANDREW
Event Code: 20
Message:
Record Number: 468
Source Name: Google Update
Time Written: 20100112112705.000000+600
Event Type: error
User: ANDREW\Australia

Computer Name: ANDREW
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, stamp 48025c30, faulting module wzcdlg.dll, version 5.1.2600.5512, stamp 4802a175, debug? 0, fault address 0x000197cf.

Record Number: 466
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20100111110339.000000+600
Event Type: error
User:

Computer Name: ANDREW
Event Code: 1000
Message: Faulting application acdseeqvpro2.exe, version 1.1.190.0, stamp 46ccdbf0, faulting module acdseeqvpro2.exe, version 1.1.190.0, stamp 46ccdbf0, debug? 0, fault address 0x00002ab0.

Record Number: 460
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20100108152730.000000+600
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


3. I hope I haven't overlooked anything
4. OK


THANKS again

Alt 23.04.2010, 16:24   #4
Sion
 
1. http://www.trojaner-board.de/74908-a...t-scanner.html
Post the log.

2. Get OTL
Start OTL
Copy the following into the script field:

Quote:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
ndis.sys
ftdisk.sys
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Close all other programs.
Click Quick Scan.
Post both logs, OTL.txt and Extras.txt (they are created in the same directory from which OTL was run).
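The Quick Scan above produces an OTL.txt that the helper then has to read line by line. As an added example (my own code, not OTL's and not posted by anyone in this thread), here is a small Python triage helper that parses a handful of constructed OTL-format lines and pulls out the items that get checked first: loaded drivers or processes whose version info carries no company name (OTL shows these as empty parentheses), Run entries whose target file no longer exists, MountPoints2 autorun commands, and which drive classes the NoDriveTypeAutoRun policy value actually leaves AutoRun enabled for. The sample lines are constructed and modelled on the OTL.txt format; the bit meanings come from Microsoft's documentation of that policy value.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread; it is not part of OTL. The sample lines below
are constructed and modelled on the OTL.txt format quoted in the thread.
"""
import re
from typing import Dict, List

# Bit meanings of the NoDriveTypeAutoRun policy value (Microsoft KB 967715).
# A set bit DISABLES AutoRun for that drive class; 0xFF disables it everywhere.
NO_AUTORUN_BITS: Dict[int, str] = {
    0x01: "unknown drives",
    0x04: "removable drives",
    0x08: "fixed drives",
    0x10: "network drives",
    0x20: "CD-ROM drives",
    0x40: "RAM disks",
    0x80: "reserved/unknown type",
}

# Constructed sample input in OTL.txt format (not a real log).
SAMPLE_OTL = r"""
DRV - [2010.04.22 02:59:39 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5f5dc59c-1606-11df-84a3-9051e48dcac4}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ca9237ac-d030-11de-847a-00224393fe74}\Shell\AutoRun\command - "" = explorer .
"""

# PRC/MOD/SRV/DRV lines: "(Company)" follows the timestamp block; empty () means
# the file's version resource carries no company name. The path follows " -- ".
_LOADED_RE = re.compile(
    r"^(PRC|MOD|SRV|DRV) - \[[^\]]*\] \(([^)]*)\) (?:\[[^\]]*\] )?-- (.*?)(?: -- \(.*\))?$"
)
# O4 Run entries: "O4 - HKLM..\Run: [name] target"
_RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?\.\.\\Run): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# O7 policy line carrying the NoDriveTypeAutoRun value
_O7_RE = re.compile(r"^O7 - .*NoDriveTypeAutoRun = (?P<value>\d+)$")
# O33 MountPoints2 command values: "...\Shell\<verb>\command - "" = <cmd>"
_O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\[^\\]+\\command - "" = (?P<cmd>.*)$'
)


def decode_no_drive_type_autorun(value: int) -> List[str]:
    """Return the drive classes whose AutoRun is still ENABLED under this value."""
    return [name for bit, name in NO_AUTORUN_BITS.items() if not value & bit]


def triage_otl(text: str) -> Dict[str, List[str]]:
    """Scan OTL-format lines and collect the entries worth a second look."""
    findings: Dict[str, List[str]] = {
        "no_company": [],          # loaded files with an empty company field
        "orphan_run": [],          # Run entries pointing at a missing file
        "mountpoint_autorun": [],  # per-device autorun commands, stale or present
        "autorun_enabled_for": [], # drive classes the O7 policy leaves enabled
    }
    for line in text.splitlines():
        m = _LOADED_RE.match(line)
        if m:
            if not m.group(2).strip():
                findings["no_company"].append(m.group(3))
            continue
        m = _RUN_RE.match(line)
        if m:
            if m.group("target").endswith("File not found"):
                findings["orphan_run"].append(f'{m.group("hive")} [{m.group("name")}]')
            continue
        m = _O7_RE.match(line)
        if m:
            findings["autorun_enabled_for"] = decode_no_drive_type_autorun(int(m.group("value")))
            continue
        m = _O33_RE.match(line)
        if m:
            cmd = m.group("cmd")
            status = "stale" if cmd.endswith("File not found") else "present"
            findings["mountpoint_autorun"].append(f"{m.group('guid')}: {cmd} [{status}]")
    return findings


if __name__ == "__main__":
    for key, items in triage_otl(SAMPLE_OTL).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

Two things the output makes visible that are easy to miss when reading the raw log: with the XP default of 149 (0x95) the policy still leaves AutoRun on for fixed drives, CD-ROMs and RAM disks, which is why the O32 CDRom AutoRun line matters; the usual hardening is 255 (0xFF). And an empty company field is only a review cue, not evidence on its own: in the OTL.txt posted in the next reply both the Spyware Terminator driver sp_rsdrv2.sys and sptd.sys show it.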

Alt 26.04.2010, 00:23   #5
trojaja
 
Sorry that it took a bit longer, I was away over the weekend and the laptop stayed off!

OTL.txt
Quote:
OTL logfile created on: 24.04.2010 02:26:39 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Australia\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 82,82 Gb Total Space | 0,82 Gb Free Space | 0,99% Space Free | Partition Type: NTFS
Drive D: | 61,29 Gb Total Space | 18,73 Gb Free Space | 30,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW
Current User Name: Australia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.04.23 20:35:45 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Australia\My Documents\Downloads\OTL.exe
PRC - [2010.04.22 02:59:39 | 002,176,512 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2010.04.22 02:59:39 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.04.20 19:09:24 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.01.23 17:49:54 | 000,416,768 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2008.12.18 13:59:50 | 000,622,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008.12.05 07:38:06 | 000,114,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2008.12.05 07:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.11.15 08:55:56 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008.05.21 19:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008.04.14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.20 01:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003.08.28 14:11:17 | 000,664,064 | ---- | M] (mysoft hxxp://www.mysoft.de) -- C:\Program Files\Winexit\Winexit.exe


========== Modules (SafeList) ==========

MOD - [2010.04.23 20:35:45 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Australia\My Documents\Downloads\OTL.exe
MOD - [2009.07.12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009.02.08 01:26:10 | 000,268,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDApix.dll
MOD - [2008.04.14 22:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006.12.01 22:56:00 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
MOD - [2006.10.27 00:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2006.10.27 00:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2006.10.27 00:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2006.10.27 00:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.04.22 02:59:39 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.04.20 19:09:24 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.05 07:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.04.22 02:59:39 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.04 00:23:53 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 00:59:46 | 000,093,696 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
DRV - [2009.01.20 14:39:20 | 000,933,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008.09.24 03:15:00 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008.09.19 13:44:38 | 001,326,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.09.18 20:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.08.12 00:14:12 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.04.14 22:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.09 09:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007.12.20 01:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.focus.de/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 00:04:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 00:04:24 | 000,000,000 | ---D | M]

[2009.08.02 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Mozilla\Extensions
[2010.03.29 05:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Mozilla\Firefox\Profiles\68ovyzbr.default\extensions
[2009.09.04 10:02:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Australia\Application Data\Mozilla\Firefox\Profiles\68ovyzbr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.12 07:59:41 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Australia\Application Data\Mozilla\Firefox\Profiles\68ovyzbr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.02.02 09:07:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.20 09:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.20 09:10:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.20 09:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.20 09:10:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.20 09:10:17 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winexit.lnk = C:\Program Files\Winexit\Winexit.exe (mysoft hxxp://www.mysoft.de)
O4 - Startup: C:\Documents and Settings\Australia\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\EeePC_green_pattern.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\EeePC_green_pattern.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.04 04:09:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5f5dc59c-1606-11df-84a3-9051e48dcac4}\Shell - "" = AutoRun
O33 - MountPoints2\{5f5dc59c-1606-11df-84a3-9051e48dcac4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f5dc59c-1606-11df-84a3-9051e48dcac4}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f5dc59d-1606-11df-84a3-9051e48dcac4}\Shell - "" = AutoRun
O33 - MountPoints2\{5f5dc59d-1606-11df-84a3-9051e48dcac4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f5dc59d-1606-11df-84a3-9051e48dcac4}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f5dc5a2-1606-11df-84a3-94ac0aec1ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{5f5dc5a2-1606-11df-84a3-94ac0aec1ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f5dc5a2-1606-11df-84a3-94ac0aec1ad1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f5dc5a3-1606-11df-84a3-94ac0aec1ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{5f5dc5a3-1606-11df-84a3-94ac0aec1ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f5dc5a3-1606-11df-84a3-94ac0aec1ad1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f5dc5a9-1606-11df-84a3-fca769c85c25}\Shell - "" = AutoRun
O33 - MountPoints2\{5f5dc5a9-1606-11df-84a3-fca769c85c25}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f5dc5a9-1606-11df-84a3-fca769c85c25}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f5dc5aa-1606-11df-84a3-fca769c85c25}\Shell - "" = AutoRun
O33 - MountPoints2\{5f5dc5aa-1606-11df-84a3-fca769c85c25}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f5dc5aa-1606-11df-84a3-fca769c85c25}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f4ff85a-b58f-11de-8473-00224393fe74}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{7bbd49af-c91b-11de-8477-cab254fafa2b}\Shell - "" = AutoRun
O33 - MountPoints2\{7bbd49af-c91b-11de-8477-cab254fafa2b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bbd49af-c91b-11de-8477-cab254fafa2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7bbd49b2-c91b-11de-8477-cab254fafa2b}\Shell - "" = AutoRun
O33 - MountPoints2\{7bbd49b2-c91b-11de-8477-cab254fafa2b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bbd49b2-c91b-11de-8477-cab254fafa2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7cfe34fe-19f2-11df-84a4-f7e7719ee0eb}\Shell - "" = AutoRun
O33 - MountPoints2\{7cfe34fe-19f2-11df-84a4-f7e7719ee0eb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cfe34fe-19f2-11df-84a4-f7e7719ee0eb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7cfe34ff-19f2-11df-84a4-f7e7719ee0eb}\Shell - "" = AutoRun
O33 - MountPoints2\{7cfe34ff-19f2-11df-84a4-f7e7719ee0eb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cfe34ff-19f2-11df-84a4-f7e7719ee0eb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7cfe3501-19f2-11df-84a4-f7e7719ee0eb}\Shell - "" = AutoRun
O33 - MountPoints2\{7cfe3501-19f2-11df-84a4-f7e7719ee0eb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cfe3501-19f2-11df-84a4-f7e7719ee0eb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7cfe3504-19f2-11df-84a4-f7e7719ee0eb}\Shell - "" = AutoRun
O33 - MountPoints2\{7cfe3504-19f2-11df-84a4-f7e7719ee0eb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cfe3504-19f2-11df-84a4-f7e7719ee0eb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{97f21127-80a6-11de-845f-d54517746cd0}\Shell - "" = AutoRun
O33 - MountPoints2\{97f21127-80a6-11de-845f-d54517746cd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97f21127-80a6-11de-845f-d54517746cd0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{97f21128-80a6-11de-845f-d54517746cd0}\Shell - "" = AutoRun
O33 - MountPoints2\{97f21128-80a6-11de-845f-d54517746cd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97f21128-80a6-11de-845f-d54517746cd0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{9d6c3026-7fae-11de-845c-e7c8d430d06e}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6c3026-7fae-11de-845c-e7c8d430d06e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d6c3026-7fae-11de-845c-e7c8d430d06e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ca9237a2-d030-11de-847a-00224393fe74}\Shell - "" = AutoRun
O33 - MountPoints2\{ca9237a2-d030-11de-847a-00224393fe74}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca9237a2-d030-11de-847a-00224393fe74}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ca9237ac-d030-11de-847a-00224393fe74}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{ca9237ac-d030-11de-847a-00224393fe74}\Shell\mobile\command - "" = F:\MobileLaunch.exe -- File not found
O33 - MountPoints2\{e2802592-2ab1-11df-84a5-f74041b7af63}\Shell - "" = AutoRun
O33 - MountPoints2\{e2802592-2ab1-11df-84a5-f74041b7af63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2802592-2ab1-11df-84a5-f74041b7af63}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e2802593-2ab1-11df-84a5-f74041b7af63}\Shell - "" = AutoRun
O33 - MountPoints2\{e2802593-2ab1-11df-84a5-f74041b7af63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2802593-2ab1-11df-84a5-f74041b7af63}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e280259b-2ab1-11df-84a5-911e02fae402}\Shell - "" = AutoRun
O33 - MountPoints2\{e280259b-2ab1-11df-84a5-911e02fae402}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e280259b-2ab1-11df-84a5-911e02fae402}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e280259c-2ab1-11df-84a5-911e02fae402}\Shell - "" = AutoRun
O33 - MountPoints2\{e280259c-2ab1-11df-84a5-911e02fae402}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e280259c-2ab1-11df-84a5-911e02fae402}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e9fb2356-7fc3-11de-845a-c1b44543c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{e9fb2356-7fc3-11de-845a-c1b44543c5b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9fb2356-7fc3-11de-845a-c1b44543c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e9fb2358-7fc3-11de-845a-c1b44543c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{e9fb2358-7fc3-11de-845a-c1b44543c5b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9fb2358-7fc3-11de-845a-c1b44543c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ea6fa975-fe50-11de-848d-ec6ca350652e}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{ea6fa975-fe50-11de-848d-ec6ca350652e}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.02.04 04:09:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010.04.24 02:25:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.23 21:17:56 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.23 20:50:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Australia\Recent
[2010.04.22 23:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\Application Data\Malwarebytes
[2010.04.22 23:23:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.22 23:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.04.22 23:23:27 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.22 23:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.22 23:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.04.22 02:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\Application Data\Spyware Terminator
[2010.04.22 02:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.04.22 02:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010.04.22 02:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.04.21 19:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.04.21 19:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.04.21 03:43:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.04.16 00:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010.04.15 00:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\My Documents\hannah.bady
[2010.04.10 07:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.04.10 07:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.03.30 23:18:00 | 000,000,000 | ---D | C] -- C:\temp
[2010.03.30 09:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\Application Data\Facebook
[2010.03.29 20:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\My Documents\Doks
[2010.03.29 07:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.03.29 07:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\Application Data\Avira
[2010.03.29 07:27:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.03.29 07:27:16 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.03.29 07:27:15 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.03.29 07:27:15 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.03.29 07:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.03.29 07:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010.03.24 01:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010.03.23 23:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\temp
[2010.03.23 23:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010.03.23 23:26:48 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010.03.23 23:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\Application Data\HP
[2010.03.22 20:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2010.03.13 20:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\My Documents\Australien-Vortrag
[2010.03.13 20:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Australia\My Documents\OneNote-Notizbücher
[2010.02.14 12:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010.02.14 00:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.04.24 02:15:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.24 02:14:53 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010.04.24 02:14:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.24 02:14:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.24 00:08:12 | 000,369,532 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\NRWTicket.pdf
[2010.04.23 23:46:01 | 000,001,204 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3749761151-401764716-3361445173-1006UA.job
[2010.04.23 21:14:06 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\RSIT.exe
[2010.04.23 20:46:01 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3749761151-401764716-3361445173-1006Core.job
[2010.04.23 03:06:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Australia\ntuser.ini
[2010.04.23 03:06:05 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Australia\NTUSER.DAT
[2010.04.22 06:22:13 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Australia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 05:03:44 | 007,440,588 | -H-- | M] () -- C:\Documents and Settings\Australia\Local Settings\Application Data\IconCache.db
[2010.04.22 02:59:39 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.04.22 02:29:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\HijackThis.lnk
[2010.04.22 00:30:48 | 000,014,461 | ---- | M] () -- C:\Documents and Settings\Australia\My Documents\copyright.jpg
[2010.04.21 04:28:25 | 001,116,321 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\unsa zweitwagen ;p.JPG
[2010.04.15 00:04:43 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.15 00:04:43 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.15 00:04:43 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.14 06:15:42 | 005,142,468 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\Berlin september 2009 018.jpg
[2010.04.14 06:15:28 | 000,428,714 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\unter den linden.jpg
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.13 20:31:52 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\Australia\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.03.12 08:06:55 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TEST.lnk
[2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.01.30 00:06:15 | 000,000,663 | ---- | M] () -- C:\WINDOWS\win.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.24 00:08:11 | 000,369,532 | ---- | C] () -- C:\Documents and Settings\Australia\Desktop\NRWTicket.pdf
[2010.04.23 21:14:05 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Australia\Desktop\RSIT.exe
[2010.04.22 02:59:39 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.04.22 02:29:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Australia\Desktop\HijackThis.lnk
[2010.04.22 00:28:37 | 000,014,461 | ---- | C] () -- C:\Documents and Settings\Australia\My Documents\copyright.jpg
[2010.04.21 04:28:22 | 001,116,321 | ---- | C] () -- C:\Documents and Settings\Australia\Desktop\unsa zweitwagen ;p.JPG
[2010.04.14 06:15:26 | 000,428,714 | ---- | C] () -- C:\Documents and Settings\Australia\Desktop\unter den linden.jpg
[2010.04.14 06:15:15 | 005,142,468 | ---- | C] () -- C:\Documents and Settings\Australia\Desktop\Berlin september 2009 018.jpg
[2010.03.23 23:58:35 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2010.03.23 23:58:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010.03.23 23:25:35 | 000,011,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010.03.13 20:31:52 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\Australia\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.03.12 08:06:55 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TEST.lnk
[2009.10.16 10:55:03 | 000,000,114 | ---- | C] () -- C:\WINDOWS\Resize.INI
[2009.08.04 00:23:53 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.14 17:18:48 | 001,752,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009.04.14 17:18:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009.02.20 00:23:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.02.19 22:27:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009.02.04 02:54:14 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.11.15 12:12:56 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2008.07.31 13:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2008.02.19 16:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

========== LOP Check ==========

[2009.08.04 00:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010.04.16 00:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010.02.15 00:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010.04.23 19:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009.02.19 23:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
[2009.08.04 00:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\ACD Systems
[2010.04.23 20:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Azureus
[2010.03.30 09:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Facebook
[2010.01.08 17:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\ICQ
[2009.08.14 08:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\SharePod
[2010.04.23 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Spyware Terminator
[2009.08.19 09:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.04.14 22:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 22:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 22:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 22:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 22:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 22:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 22:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: FTDISK.SYS >
[2008.04.14 22:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) MD5=6AC26732762483366C3969C9E4D2259D -- C:\WINDOWS\system32\drivers\ftdisk.sys

< MD5 for: NDIS.SYS >
[2008.04.14 22:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 22:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 22:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 22:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.04 00:23:53 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.02.03 20:00:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.02.03 20:00:02 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.02.03 20:00:02 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
[2010.04.24 02:26:28 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Australia\ntuser.dat.LOG
[2010.04.24 02:15:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.24 02:14:53 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010.04.24 02:14:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.24 02:14:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.24 01:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Desktop
[2010.04.24 00:46:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Australia\Cookies
[2010.04.24 00:08:12 | 000,369,532 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\NRWTicket.pdf
[2010.04.24 00:08:11 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Australia\Recent
[2010.04.23 23:46:01 | 000,001,204 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3749761151-401764716-3361445173-1006UA.job
[2010.04.23 22:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Skype
[2010.04.23 21:45:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Terminator
[2010.04.23 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Spyware Terminator
[2010.04.23 21:14:06 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\RSIT.exe
[2010.04.23 20:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Azureus
[2010.04.23 20:46:01 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3749761151-401764716-3361445173-1006Core.job
[2010.04.23 19:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\vlc
[2010.04.23 19:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010.04.23 18:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\skypePM
[2010.04.23 03:06:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Australia\ntuser.ini
[2010.04.23 03:06:05 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Australia\NTUSER.DAT
[2010.04.22 23:23:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Australia\Application Data
[2010.04.22 23:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Malwarebytes
[2010.04.22 23:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.22 23:23:28 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010.04.22 23:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.04.22 23:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010.04.22 06:22:13 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Australia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 05:03:44 | 007,440,588 | -H-- | M] () -- C:\Documents and Settings\Australia\Local Settings\Application Data\IconCache.db
[2010.04.22 02:29:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\HijackThis.lnk
[2010.04.22 02:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010.04.22 00:30:48 | 000,014,461 | ---- | M] () -- C:\Documents and Settings\Australia\My Documents\copyright.jpg
[2010.04.22 00:30:48 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Australia\My Documents
[2010.04.21 20:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Local Settings\Application Data\Adobe
[2010.04.21 20:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Adobe
[2010.04.21 19:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.04.21 19:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.04.21 06:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010.04.21 04:28:25 | 001,116,321 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\unsa zweitwagen ;p.JPG
[2010.04.21 04:22:28 | 000,011,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010.04.16 07:28:04 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010.04.16 00:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010.04.16 00:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\Azureus
[2010.04.14 06:15:42 | 005,142,468 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\Berlin september 2009 018.jpg
[2010.04.14 06:15:28 | 000,428,714 | ---- | M] () -- C:\Documents and Settings\Australia\Desktop\unter den linden.jpg
[2010.04.10 07:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010.04.10 07:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DivX Shared
[2010.04.10 07:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010.04.03 00:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010.04.02 20:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Local Settings\Application Data\Temp
[2010.03.31 21:35:19 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Australia\SharePod.log
[2010.03.31 20:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010.03.30 09:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Facebook
[2010.03.29 07:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010.03.29 07:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\Avira
[2010.03.29 07:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010.03.29 07:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010.03.29 05:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.03.24 21:23:47 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu
[2010.03.24 01:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\HP
[2010.03.24 01:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010.03.24 01:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2010.03.24 00:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\temp
[2010.03.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Audible
[2010.03.16 07:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Local Settings\Application Data\Microsoft
[2010.03.15 15:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Australia\Application Data\AdobeUM
[2010.03.13 20:31:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Australia\Application Data\Microsoft
[2010.03.12 19:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe
[2010.03.12 18:54:04 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010.03.10 20:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\3 MobileBroadband
[2010.02.15 15:29:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010.02.15 00:15:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Templates
[2010.02.15 00:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010.02.15 00:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Optus Wireless Broadband
[2010.02.14 00:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\3 Mobile



Old 26.04.2010, 00:33   #6
trojaja
 
'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti - Standard

'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti



.................................

Old 26.04.2010, 00:35   #7
trojaja
 
'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti - Standard

'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti



** (this still belongs in the Extras.txt)

Error - 08.04.2010 07:06:04 | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.



I can't get the 'from' line to post; it doesn't work if I leave the internet address in there, not even with *

Last edited by trojaja (26.04.2010 at 01:08)

Old 26.04.2010, 00:43   #8
trojaja
 
'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti - Standard

'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti



Extras.txt
Quote:
OTL Extras logfile created on: 24.04.2010 02:26:39 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Australia\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 82,82 Gb Total Space | 0,82 Gb Free Space | 0,99% Space Free | Partition Type: NTFS
Drive D: | 61,29 Gb Total Space | 18,73 Gb Free Space | 30,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW
Current User Name: Australia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Australia\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe" = C:\Documents and Settings\Australia\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\IXP000.TMP\crypted.exe" = C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\IXP000.TMP\crypted.exe:*:Enabled:Windows Messanger -- ()
"C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\winlogon.exe" = C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\winlogon.exe:*:Enabled:Windows Messanger -- File not found
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"CCleaner" = CCleaner
"Eee Storage" = Eee Storage
"Elantech" = ETDWare PS/2-x86 7.0.4.3 WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 1.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows
"Spyware Terminator_is1" = Spyware Terminator
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Winexit_is1" = Winexit 3.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.04.2010 11:46:05 | Computer Name = ANDREW | Source = Google Update | ID = 20
Description =

Error - 05.04.2010 09:46:06 | Computer Name = ANDREW | Source = Google Update | ID = 20
Description =

Error - 05.04.2010 10:46:05 | Computer Name = ANDREW | Source = Google Update | ID = 20
Description =

Error - 05.04.2010 11:46:05 | Computer Name = ANDREW | Source = Google Update | ID = 20
Description =

Error - 08.04.2010 07:05:48 | Computer Name = ANDREW | Source = ESENT | ID = 490
Description = svchost (1176) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

**

Error - 08.04.2010 18:46:05 | Computer Name = ANDREW | Source = Google Update | ID = 20
Description =

Error - 08.04.2010 19:46:05 | Computer Name = ANDREW | Source = Google Update | ID = 20
Description =

Error - 08.04.2010 20:46:05 | Computer Name = ANDREW | Source = Google Update | ID = 20
Description =

Error - 10.04.2010 14:46:16 | Computer Name = ANDREW | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 23.03.2010 09:48:32 | Computer Name = ANDREW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2260
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23.04.2010 03:23:06 | Computer Name = ANDREW | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 23.04.2010 05:11:36 | Computer Name = ANDREW | Source = PlugPlayManager | ID = 12
Description = The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028e5f&0&00E3)
disappeared from the system without first being prepared for removal.

Error - 23.04.2010 05:55:18 | Computer Name = ANDREW | Source = PlugPlayManager | ID = 12
Description = The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028e5f&0&00E3)
disappeared from the system without first being prepared for removal.

Error - 23.04.2010 06:19:52 | Computer Name = ANDREW | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 23.04.2010 06:19:52 | Computer Name = ANDREW | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 23.04.2010 10:46:58 | Computer Name = ANDREW | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 23.04.2010 10:46:58 | Computer Name = ANDREW | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 23.04.2010 11:09:16 | Computer Name = ANDREW | Source = PlugPlayManager | ID = 12
Description = The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028e5f&0&00E3)
disappeared from the system without first being prepared for removal.

Error - 23.04.2010 12:14:39 | Computer Name = ANDREW | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 23.04.2010 12:14:39 | Computer Name = ANDREW | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

Last edited by trojaja (26.04.2010 at 00:51)
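Editor's note on the Authorized Applications List in the OTL log above: two of the Windows Firewall exceptions were granted to binaries in the user's own Temp folder, `...\Temp\IXP000.TMP\crypted.exe` and `...\Temp\winlogon.exe`, both with the display name "Windows Messanger" and no publisher information, and one of them no longer exists on disk ("File not found"). The real winlogon.exe lives in System32 and never needs a firewall exception; a dropper that adds itself to the allow list looks exactly like this. The Python below is an added example, not part of this thread and not OTL's code, that applies those checks to a list in OTL's output format. The sample lines are copied from the post; the set of system-process names and the five heuristics are my assumptions, not OTL rules.

```python
import re
from dataclasses import dataclass, field

# Windows system process names that malware likes to borrow. A binary with one of
# these names outside %SystemRoot%\system32 is a masquerade candidate.
# (Assumed list for this example; extend it for your environment.)
SYSTEM_PROCESS_NAMES = {
    "winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "services.exe", "smss.exe", "spoolsv.exe",
}

# Constructed sample in OTL's "Authorized Applications List" format; the entries
# are copied from the list in the post above.
SAMPLE_AUTHORIZED_APPS = r"""
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Documents and Settings\Australia\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe" = C:\Documents and Settings\Australia\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard -- File not found
"C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\IXP000.TMP\crypted.exe" = C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\IXP000.TMP\crypted.exe:*:Enabled:Windows Messanger -- ()
"C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\winlogon.exe" = C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\winlogon.exe:*:Enabled:Windows Messanger -- File not found
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)
"""

# One list line:  "<path>" = <path>:<scope>:<state>:<display name> -- <annotation>
# The " -- ..." part is OTL's annotation: "(publisher)", "()" or "File not found".
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.*?)(?:\s--\s(?P<tail>.*))?$')


@dataclass
class FirewallEntry:
    path: str
    scope: str
    state: str
    display_name: str
    publisher: str          # "" when OTL printed "()" or "File not found"
    file_missing: bool
    reasons: list = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entry(line: str):
    """Parse one list line; returns None for headers, blanks and key lines."""
    m = LINE_RE.match(line.strip())
    if not m or not m.group("value"):
        return None
    key, value, tail = m.group("key"), m.group("value"), (m.group("tail") or "").strip()
    # The value repeats the path, so strip it by length instead of splitting on ':'
    # (the drive letter already contains one).
    if not value.lower().startswith(key.lower()):
        return None
    parts = value[len(key):].lstrip(":").split(":", 2)
    if len(parts) != 3:
        return None
    scope, state, name = parts
    file_missing = tail.lower() == "file not found"
    publisher = tail[1:-1].strip() if tail.startswith("(") and tail.endswith(")") else ""
    return FirewallEntry(key, scope, state, name.strip(), publisher, file_missing)


def triage(entry: FirewallEntry) -> FirewallEntry:
    """Attach a reason for every heuristic the entry trips (assumed heuristics)."""
    p = entry.path.lower()
    if "\\temp\\" in p:
        entry.reasons.append("executes from a temp directory")
    if entry.file_missing:
        entry.reasons.append("binary no longer exists (stale or cleaned-up exception)")
    if entry.basename in SYSTEM_PROCESS_NAMES and "\\windows\\system32\\" not in p:
        entry.reasons.append(f"system process name {entry.basename} outside system32")
    if not entry.publisher and not entry.file_missing:
        entry.reasons.append("no publisher/version information")
    name = entry.display_name.lower()
    # A missing or unknown publisher cannot back up a Microsoft-sounding name.
    if ("windows" in name or "microsoft" in name) and entry.publisher != "Microsoft Corporation":
        entry.reasons.append("Microsoft-branded display name without Microsoft publisher")
    return entry


def triage_authorized_apps(text: str) -> list:
    """Return the entries that trip at least one heuristic, most suspicious first."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    flagged.sort(key=lambda e: len(e.reasons), reverse=True)
    return flagged


if __name__ == "__main__":
    for e in triage_authorized_apps(SAMPLE_AUTHORIZED_APPS):
        print(f"{e.path}\n  state={e.state} scope={e.scope} name={e.display_name!r}")
        for r in e.reasons:
            print(f"  - {r}")
```

Run against the sample, the two Temp binaries labelled "Windows Messanger" come out on top and the legitimate Windows Live, ICQ and Spyware Terminator entries are not flagged at all. The stale SpeedTouch wizard entry is reported too: a firewall exception for a path the attacker can recreate at will (a Temp folder) is worth removing even when the file is currently gone.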

Alt 26.04.2010, 09:24   #9
trojaja
 

'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti



And here is the GMER log as well.

Quote:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-26 17:08:01
Windows 5.1.2600 Service Pack 3
Running: GMER.rootkit.exe; Driver: C:\DOCUME~1\AUSTRA~1\LOCALS~1\Temp\uwtdrpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA138788E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA13870EC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xA1386DCE]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA1388938]
SSDT A1A94434 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xA1386ED8]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xA1386FC2]
SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA1387BBC]
SSDT A1A94452 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA13873F4]
SSDT sptd.sys ZwOpenKey [0xB9ED1090]
SSDT A1A94420 ZwOpenProcess
SSDT A1A94425 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xB9ED6CC4]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B44]
SSDT A1A9445C ZwReplaceKey
SSDT A1A94457 ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA1387526]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xA1386BFC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA1387B04]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA138770C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B84EA8AC 5 Bytes JMP 8A16C960
? System32\Drivers\ar7mhhv3.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[928] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0674000A
.text C:\WINDOWS\System32\svchost.exe[928] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0673000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED1ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED1C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED1B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED272E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED2604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EE4B9A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device 8A38F1D8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 85B9D1D8
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\00000092 \Device\00000043 sptd.sys
Device \Driver\usbehci \Device\USBPDO-0 8A2177B8
Device \Driver\usbuhci \Device\USBPDO-1 8A1701D8
Device \Driver\usbuhci \Device\USBPDO-2 8A1701D8
Device \Driver\usbuhci \Device\USBPDO-3 8A1701D8
Device \Driver\usbuhci \Device\USBPDO-4 8A1701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4011D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4011D8
Device \Driver\Cdrom \Device\CdRom0 8A33B980
Device \Driver\usbstor \Device\00000072 85BD4980
Device \Driver\usbstor \Device\00000073 85BD4980
Device \Driver\atapi \Device\Ide\IdePort0 [B9E4BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E4BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4011D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A4011D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89AD01D8
Device \Driver\NetBT \Device\NetbiosSmb 89AD01D8
Device \Driver\usbuhci \Device\USBFDO-0 8A1701D8
Device \Driver\usbuhci \Device\USBFDO-1 8A1701D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FF3980
Device \Driver\usbuhci \Device\USBFDO-2 8A1701D8
Device 89FF3980
Device \Driver\usbuhci \Device\USBFDO-3 8A1701D8
Device \Driver\usbehci \Device\USBFDO-4 8A2177B8
Device \Driver\Ftdisk \Device\FtControl 8A4011D8
Device \Driver\ar7mhhv3 \Device\Scsi\ar7mhhv31 8A0CA1D8
Device \Driver\ar7mhhv3 \Device\Scsi\ar7mhhv31Port2Path0Target0Lun0 8A0CA1D8

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A183980
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A272AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 575998886
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1875039953
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0xF8 0x82 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0F 0x0B 0xC7 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x45 0xB0 0x0F 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0xF8 0x82 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0F 0x0B 0xC7 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x45 0xB0 0x0F 0x71 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
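Editor's note on the GMER log above: the SSDT hooks GMER attributes to sp_rsdrv2.sys and sptd.sys come from drivers of installed software and are expected (sptd.sys is the DAEMON Tools driver, as the sptd\Cfg registry values with `C:\Program Files\DAEMON Tools\` show; sp_rsdrv2.sys is the Spyware Terminator real-time shield driver, and Spyware Terminator is in the uninstall list). The parts that matter are the six SSDT entries that carry only a bare address and no module name, the identical 5-byte JMP hooks on ntdll.dll!NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher in both svchost.exe[928] and Explorer.EXE[1488], whose targets (006D000A, 00B7000A, ...) sit a few bytes past a 64 KiB boundary and therefore point into private allocations rather than into any loaded module, and the line "atapi.sys suspicious modification" together with the `atapi.sys[unknown section]` IdePort entries. Taken together they indicate code injected into several processes plus a patched disk-stack driver, which is not something file quarantining alone removes. The Python below is an added example (not GMER's code and not from the thread) that parses those three sections and applies these heuristics; the sample is copied from the log, while the 64 KiB-alignment rule and the verdict strings are my assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt in GMER 1.0.15 log format; the lines are copied from the log
# posted above, trimmed to the sections this triage script reads.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA138788E]
SSDT A1A94434 ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
SSDT A1A94452 ZwLoadKey
SSDT A1A94420 ZwOpenProcess
SSDT A1A94425 ZwOpenThread
SSDT A1A9445C ZwReplaceKey
SSDT A1A94457 ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA1387B04]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[928] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0674000A
.text C:\WINDOWS\System32\svchost.exe[928] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0673000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
"""

# SSDT <owner module or bare address> <Zw function> [0x<handler address>]
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>\S+)\s+(?P<func>Zw\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$")
# .text <process>[<pid>] <module>!<function> <address> <n> Bytes JMP <target>
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>[\w.]+!\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification\s*$")

ALLOC_GRANULARITY = 0x10000   # VirtualAlloc hands out 64 KiB-aligned regions


def is_unattributed(owner: str) -> bool:
    """GMER prints a bare 8-digit address when the handler is not inside any module it can name."""
    return re.fullmatch(r"[0-9A-Fa-f]{8}", owner) is not None


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def classify_jmp_target(target: int) -> str:
    """Assumed heuristic: a JMP from a system DLL export to an address only a few bytes
    past an allocation boundary lands in a private allocation (a trampoline written by
    injected code), not in another loaded module."""
    if target % ALLOC_GRANULARITY < 0x100:
        return "trampoline in private allocation"
    return "target inside some module (identify which)"


def triage_gmer(text: str) -> dict:
    unattributed, by_owner, inline, files = [], defaultdict(list), [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            if is_unattributed(m["owner"]):
                unattributed.append(m["func"])
            else:
                by_owner[basename(m["owner"])].append(m["func"])
        elif m := INLINE_RE.match(line):
            target = int(m["target"], 16)
            inline.append({"process": f"{basename(m['proc'])}[{m['pid']}]",
                           "symbol": m["sym"], "target": target,
                           "verdict": classify_jmp_target(target)})
        elif m := FILE_RE.match(line):
            files.append(m["path"])
    # The same hooked symbols in more than one process point to one injected component.
    per_process = defaultdict(set)
    for h in inline:
        per_process[h["process"]].add(h["symbol"])
    shared = set.intersection(*per_process.values()) if len(per_process) > 1 else set()
    return {"unattributed_ssdt": unattributed, "ssdt_by_owner": dict(by_owner),
            "inline_hooks": inline, "shared_hook_set": shared, "suspicious_files": files}


if __name__ == "__main__":
    r = triage_gmer(SAMPLE_GMER_LOG)
    print("SSDT hooks by driver:", r["ssdt_by_owner"])
    print("SSDT hooks with no owning module:", r["unattributed_ssdt"])
    for h in r["inline_hooks"]:
        print(f"{h['process']:<18} {h['symbol']:<38} -> {h['target']:08X}  {h['verdict']}")
    print("Hook set common to all hooked processes:", sorted(r["shared_hook_set"]))
    print("Files GMER flags as modified:", r["suspicious_files"])
```

The driver allowlist is the step to do by hand: compare `ssdt_by_owner` against the software actually installed on the machine (here DAEMON Tools and Spyware Terminator) before treating a named driver as benign, and treat every unattributed SSDT entry and every shared user-mode hook set as belonging to the infection until proven otherwise.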

Alt 26.04.2010, 14:44   #10
trojaja
 

'TR/Crypt.XPACK.Gen2' and 'Trojan.W32.Grumm ALARM' found in C:\documents and setti



I just ran Avira AntiVir again, 9 detections. Removed everything, but the virus or viruses are still up to their mischief...

Here is the report:

Quote:

Avira AntiVir Personal
Report file created: Monday, 26 April 2010 21:21

Searching for 2035268 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ANDREW

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/20/2010 09:09:24
AVSCAN.DLL : 10.0.3.0 56168 Bytes 4/20/2010 09:09:24
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 08:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 1/14/2010 01:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 23:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 09:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 07:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 06:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 01:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 17:21:20
VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 17:21:20
VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 17:21:21
VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 17:21:21
VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 17:21:21
VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 17:21:21
VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 17:21:21
VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 17:21:21
VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 17:21:21
VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 09:09:24
VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 14:05:16
VBASE016.VDF : 7.10.6.178 122880 Bytes 4/22/2010 14:05:17
VBASE017.VDF : 7.10.6.179 2048 Bytes 4/22/2010 14:05:17
VBASE018.VDF : 7.10.6.180 2048 Bytes 4/22/2010 14:05:17
VBASE019.VDF : 7.10.6.181 2048 Bytes 4/22/2010 14:05:17
VBASE020.VDF : 7.10.6.182 2048 Bytes 4/22/2010 14:05:17
VBASE021.VDF : 7.10.6.183 2048 Bytes 4/22/2010 14:05:17
VBASE022.VDF : 7.10.6.184 2048 Bytes 4/22/2010 14:05:18
VBASE023.VDF : 7.10.6.185 2048 Bytes 4/22/2010 14:05:18
VBASE024.VDF : 7.10.6.186 2048 Bytes 4/22/2010 14:05:18
VBASE025.VDF : 7.10.6.187 2048 Bytes 4/22/2010 14:05:18
VBASE026.VDF : 7.10.6.188 2048 Bytes 4/22/2010 14:05:18
VBASE027.VDF : 7.10.6.189 2048 Bytes 4/22/2010 14:05:18
VBASE028.VDF : 7.10.6.190 2048 Bytes 4/22/2010 14:05:18
VBASE029.VDF : 7.10.6.191 2048 Bytes 4/22/2010 14:05:18
VBASE030.VDF : 7.10.6.192 2048 Bytes 4/22/2010 14:05:18
VBASE031.VDF : 7.10.6.196 40960 Bytes 4/23/2010 14:05:19
Engineversion : 8.2.1.220
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 02:16:21
AESCRIPT.DLL : 8.1.3.26 1286521 Bytes 4/17/2010 17:21:51
AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 08:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 01:09:47
AERDL.DLL : 8.1.4.6 541043 Bytes 4/17/2010 17:21:48
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/28/2010 21:29:41
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 01:09:46
AEHEUR.DLL : 8.1.1.24 2613623 Bytes 4/17/2010 17:21:44
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/2/2010 14:07:41
AEGEN.DLL : 8.1.3.7 373106 Bytes 4/17/2010 17:21:30
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/9/2009 23:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 4/2/2010 14:07:39
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 02:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 01:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 01:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 06:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/20/2010 09:09:24
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/20/2010 09:09:24
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 09:09:24
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/25/2010 23:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 02:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 05:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 04:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 03:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 4/20/2010 09:09:24

Configuration for the current scan:
Job name..............................: Complete system scan
Configuration file....................: c:\program files\avira\antivir desktop\sysscan.avp
Logging...............................: low
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:, D:,
Scan running programs.................: on
Running programs extended.............: on
Scan registry.........................: on
Search for rootkits...................: on
Integrity check of system files.......: off
File scan mode........................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: medium

Start of the scan: Monday, 26 April 2010 21:21

Starting the search for hidden objects.
c:\windows\system32\ntmsdata\ntmsjrnl
c:\WINDOWS\system32\NtmsData
[NOTE] The file is not visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is not visible.
c:\windows\system32\ctfmon.exe
c:\WINDOWS\system32\ctfmon.exe
[NOTE] The process is not visible.
c:\program files\eeepc\acpi\asacpisvr.exe
c:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
[NOTE] The process is not visible.

Starting the scan of running processes:
Scanning process 'rsmsink.exe' - '35' module(s) were scanned
Scanning process 'logon.scr' - '24' module(s) were scanned
Scanning process 'taskmgr.exe' - '42' module(s) were scanned
Scanning process 'msdtc.exe' - '47' module(s) were scanned
Scanning process 'dllhost.exe' - '64' module(s) were scanned
Scanning process 'dllhost.exe' - '52' module(s) were scanned
Scanning process 'vssvc.exe' - '55' module(s) were scanned
Scanning process 'avscan.exe' - '74' module(s) were scanned
Scanning process 'avcenter.exe' - '65' module(s) were scanned
Scanning process 'alg.exe' - '40' module(s) were scanned
Scanning process 'Winexit.exe' - '31' module(s) were scanned
Scanning process 'SuperHybridEngine.exe' - '32' module(s) were scanned
Scanning process 'igfxext.exe' - '30' module(s) were scanned
Scanning process 'igfxsrvc.exe' - '32' module(s) were scanned
Scanning process 'ctfmon.exe' - '32' module(s) were scanned
Scanning process 'SpywareTerminatorShield.exe' - '37' module(s) were scanned
Scanning process 'avgnt.exe' - '57' module(s) were scanned
Scanning process 'jusched.exe' - '25' module(s) were scanned
Scanning process 'GrooveMonitor.exe' - '46' module(s) were scanned
Scanning process 'Acrotray.exe' - '32' module(s) were scanned
Scanning process 'AsEPCMon.exe' - '24' module(s) were scanned
Scanning process 'AsAcpiSvr.exe' - '43' module(s) were scanned
Scanning process 'AsTray.exe' - '38' module(s) were scanned
Scanning process 'ETDCtrl.exe' - '38' module(s) were scanned
Scanning process 'hkcmd.exe' - '33' module(s) were scanned
Scanning process 'igfxtray.exe' - '34' module(s) were scanned
Scanning process 'RTHDCPL.EXE' - '42' module(s) were scanned
Scanning process 'svchost.exe' - '48' module(s) were scanned
Scanning process 'sp_rsser.exe' - '30' module(s) were scanned
Scanning process 'SeaPort.exe' - '43' module(s) were scanned
Scanning process 'HPZipm12.exe' - '28' module(s) were scanned
Scanning process 'avshadow.exe' - '34' module(s) were scanned
Scanning process 'jqs.exe' - '40' module(s) were scanned
Scanning process 'avguard.exe' - '61' module(s) were scanned
Scanning process 'Explorer.EXE' - '181' module(s) were scanned
Scanning process 'svchost.exe' - '37' module(s) were scanned
Scanning process 'sched.exe' - '52' module(s) were scanned
Scanning process 'spoolsv.exe' - '66' module(s) were scanned
Scanning process 'svchost.exe' - '44' module(s) were scanned
Scanning process 'svchost.exe' - '39' module(s) were scanned
Scanning process 'svchost.exe' - '191' module(s) were scanned
Scanning process 'svchost.exe' - '46' module(s) were scanned
Scanning process 'svchost.exe' - '57' module(s) were scanned
Scanning process 'lsass.exe' - '65' module(s) were scanned
Scanning process 'services.exe' - '38' module(s) were scanned
Scanning process 'winlogon.exe' - '73' module(s) were scanned
Scanning process 'csrss.exe' - '16' module(s) were scanned
Scanning process 'smss.exe' - '2' module(s) were scanned

Starting the scan of master boot sectors:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Starting the scan of boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting the scan of references to executable files (registry):
The registry was scanned ( '403' files ).


Starting the scan of the selected files:

Starting the search in 'C:\'
C:\Documents and Settings\Australia\Local Settings\Temp\IXP001.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\Documents and Settings\Australia\Local Settings\Temp\IXP002.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\Documents and Settings\Australia\Local Settings\Temp\IXP003.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\Documents and Settings\Australia\Local Settings\Temp\IXP004.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\Documents and Settings\Australia\Local Settings\Temp\IXP005.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\Documents and Settings\Australia\Local Settings\Temp\IXP006.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\Documents and Settings\Australia\Local Settings\Temp\IXP007.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\Documents and Settings\Australia\Local Settings\Temp\IXP008.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\WINDOWS\Temp\nkwt.tmp\svchost.exe
[DETECTION] Is the Trojan horse TR/Crypt.ZPACK.Gen
Starting the search in 'D:\'

Starting disinfection:
C:\WINDOWS\Temp\nkwt.tmp\svchost.exe
[DETECTION] Is the Trojan horse TR/Crypt.ZPACK.Gen
[NOTE] The file was moved to the quarantine directory under the name '46fe2e00.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP008.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '5e1f01a3.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP007.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '0c405b4b.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP006.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '6a771489.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP005.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '2ff339b7.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP004.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '50e80bd6.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP003.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '1c50279c.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP002.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '604867cc.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP001.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '4d124881.qua'!


End of the scan: Monday, 26 April 2010 22:42
Time required: 1:20:50 hour(s)

The scan was completed in full.

6271 Verzeichnisse wurden überprüft
356298 Dateien wurden geprüft
9 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
9 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
356289 Dateien ohne Befall
10405 Archive wurden durchsucht
0 Warnungen
9 Hinweise
409650 Objekte wurden beim Rootkitscan durchsucht
4 Versteckte Objekte wurden gefunden
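The Avira report above lists the same file name under eight numbered IXP00n.TMP directories plus a svchost.exe sitting in C:\WINDOWS\Temp. Below is an added example (not part of the original post and not Avira's own code) that parses detection and quarantine lines in the translated report format shown above and groups the hits into the patterns a responder wants to see first: the same file name dropped repeatedly under IXP00n.TMP extraction directories (the naming IExpress self-extractors use, so an increasing number means the package was run again and again), files named after core Windows binaries but located outside System32, and detections that were not quarantined. The sample lines are constructed from three of the report's own entries; the directory-name rule and the system-binary name list are the example's assumptions.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath
from pprint import pprint

# Constructed sample in the format of the translated Avira report above: three of
# its detection entries plus their disinfection lines (not the complete log).
SAMPLE_LOG = r"""
Starting the search in 'C:\'
C:\Documents and Settings\Australia\Local Settings\Temp\IXP001.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\Documents and Settings\Australia\Local Settings\Temp\IXP002.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
C:\WINDOWS\Temp\nkwt.tmp\svchost.exe
[DETECTION] Is the Trojan horse TR/Crypt.ZPACK.Gen
Starting the search in 'D:\'

Starting disinfection:
C:\WINDOWS\Temp\nkwt.tmp\svchost.exe
[DETECTION] Is the Trojan horse TR/Crypt.ZPACK.Gen
[NOTE] The file was moved to the quarantine directory under the name '46fe2e00.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP002.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '604867cc.qua'!
C:\Documents and Settings\Australia\Local Settings\Temp\IXP001.TMP\crypted.exe
[DETECTION] Is the Trojan horse TR/Agent.311296
[NOTE] The file was moved to the quarantine directory under the name '4d124881.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(r"^\[DETECTION\] Is the (?P<kind>.+?) (?P<name>\S+)$")
QUARANTINE_RE = re.compile(r"^\[NOTE\] .*quarantine directory under the name '(?P<qua>[^']+)'!$")
# IXP000.TMP, IXP001.TMP, ... is the directory naming IExpress self-extractors use
# (example's assumption for the grouping rule; the number goes up with every run).
IEXPRESS_DIR_RE = re.compile(r"^IXP\d{3}\.TMP$", re.IGNORECASE)
# Names of core Windows binaries that malware likes to borrow (example's own list).
SYSTEM_BINARY_NAMES = {"svchost.exe", "csrss.exe", "winlogon.exe", "smss.exe",
                       "lsass.exe", "services.exe", "explorer.exe"}


def parse_report(text):
    """Map each detected path to its detection name and quarantine file (or None).

    A path line opens an entry; the [DETECTION]/[NOTE] lines that follow refer to
    it. The disinfection section repeats the paths, so entries are updated, not
    duplicated."""
    findings = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
            findings.setdefault(current, {"detection": None, "quarantine": None})
            continue
        if current is None:
            continue
        m = DETECTION_RE.match(line)
        if m:
            findings[current]["detection"] = m.group("name")
            continue
        m = QUARANTINE_RE.match(line)
        if m:
            findings[current]["quarantine"] = m.group("qua")
    return findings


def triage(findings):
    """Group detections into the patterns a responder wants to see first."""
    by_detection = Counter(info["detection"] for info in findings.values())
    drops = defaultdict(list)
    masquerading, not_quarantined = [], []
    for path, info in findings.items():
        p = PureWindowsPath(path)
        # Same file name under consecutive IXPnnn.TMP dirs: the dropper ran repeatedly.
        if IEXPRESS_DIR_RE.match(p.parent.name):
            key = str(p.parent.parent).lower() + r"\IXP*.TMP" + "\\" + p.name.lower()
            drops[key].append(path)
        # A core binary name outside System32 is a masquerade, not the real service host.
        if p.name.lower() in SYSTEM_BINARY_NAMES and "\\system32\\" not in path.lower():
            masquerading.append(path)
        if info["quarantine"] is None:
            not_quarantined.append(path)
    return {
        "by_detection": dict(by_detection),
        "repeated_iexpress_drops": {k: sorted(v) for k, v in drops.items() if len(v) > 1},
        "masquerading_system_names": masquerading,
        "not_quarantined": not_quarantined,
    }


if __name__ == "__main__":
    pprint(triage(parse_report(SAMPLE_LOG)))
```

Quarantining the eight copies removes the payload but not whatever keeps unpacking it every few minutes; the repeated-drop group is the pointer to look for the parent process or autostart, which is why the next steps in the thread go after persistence rather than more file scans.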

26.04.2010, 20:28   #11
Sion

Yes, you have a rootkit there, and a new one on top of it.

Let's see whether ComboFix can do anything about it:

A guide and tutorial on using ComboFix

Read and follow the guide exactly; ComboFix doesn't mess around.
Then post the ComboFix log.

26.04.2010, 22:00   #12
trojaja

Sooo, and here it is already

Quote:
ComboFix 10-04-26.02 - Australia 27.04.2010 5:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1521 [GMT 10:00]
Running from: c:\documents and settings\Australia\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3781670050-231601534-3841403575-1003
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-23 16:25 . 2010-04-23 16:25 -------- d-----w- C:\_OTL
2010-04-23 11:17 . 2010-04-23 11:19 -------- d-----w- C:\rsit
2010-04-22 13:23 . 2010-04-22 13:23 -------- d-----w- c:\documents and settings\Australia\Application Data\Malwarebytes
2010-04-22 13:23 . 2010-03-29 14:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 13:23 . 2010-04-22 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-22 13:23 . 2010-03-29 14:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 13:23 . 2010-04-22 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 13:02 . 2010-04-22 13:02 -------- d-----w- c:\program files\CCleaner
2010-04-21 16:59 . 2010-04-21 16:59 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-04-21 16:59 . 2010-04-21 16:59 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-04-21 16:59 . 2010-04-21 16:59 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-21 16:59 . 2010-04-26 13:10 -------- d-----w- c:\documents and settings\Australia\Application Data\Spyware Terminator
2010-04-21 16:59 . 2010-04-26 19:47 -------- d-----w- c:\program files\Spyware Terminator
2010-04-21 16:59 . 2010-04-26 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-04-21 16:29 . 2010-04-21 16:29 -------- d-----w- c:\program files\Trend Micro
2010-04-20 20:28 . 2010-04-20 20:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-15 17:20 . 2010-04-15 17:20 6123008 ----a-w- c:\documents and settings\Australia\Application Data\Azureus\plugins\azemp\vuzeplayer.exe
2010-04-15 14:32 . 2010-04-15 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-04-09 21:00 . 2010-04-09 21:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-09 21:00 . 2010-04-09 21:00 -------- d-----w- c:\program files\DivX
2010-03-30 13:18 . 2010-03-30 13:18 -------- d-----w- c:\temp\HP All-in-One Series Web Release
2010-03-30 13:18 . 2010-03-30 13:18 -------- d-----w- C:\temp
2010-03-29 23:36 . 2010-03-29 23:36 50354 ----a-w- c:\documents and settings\Australia\Application Data\Facebook\uninstall.exe
2010-03-29 23:35 . 2010-03-29 23:36 -------- d-----w- c:\documents and settings\Australia\Application Data\Facebook
2010-03-28 21:31 . 2010-04-26 12:34 -------- d-----w- c:\windows\system32\NtmsData
2010-03-28 21:28 . 2010-03-28 21:28 -------- d-----w- c:\documents and settings\Australia\Application Data\Avira
2010-03-28 21:27 . 2010-02-28 23:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-28 21:27 . 2009-05-11 01:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-28 21:27 . 2009-05-11 01:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-28 21:27 . 2010-03-28 21:27 -------- d-----w- c:\program files\Avira
2010-03-28 21:27 . 2010-03-28 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 19:01 . 2009-08-01 13:08 -------- d-----w- c:\documents and settings\Australia\Application Data\Skype
2010-04-26 16:12 . 2009-08-02 13:24 -------- d-----w- c:\documents and settings\Australia\Application Data\skypePM
2010-04-23 10:50 . 2009-09-10 06:49 -------- d-----w- c:\documents and settings\Australia\Application Data\Azureus
2010-04-23 09:30 . 2009-08-05 13:41 -------- d-----w- c:\documents and settings\Australia\Application Data\vlc
2010-04-15 21:28 . 2009-08-03 15:01 -------- d-----w- c:\program files\Winamp
2010-04-15 14:32 . 2009-09-10 06:43 -------- d-----w- c:\program files\Azureus
2010-03-28 19:41 . 2009-08-13 04:40 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-23 15:25 . 2010-03-23 13:24 -------- d-----w- c:\documents and settings\Australia\Application Data\HP
2010-03-23 15:24 . 2010-03-23 13:27 -------- d-----w- c:\program files\HP
2010-03-23 15:23 . 2010-03-23 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-03-22 10:35 . 2010-03-22 10:35 -------- d-----w- c:\program files\Audible
2010-03-15 05:58 . 2009-08-07 04:18 -------- d-----w- c:\documents and settings\Australia\Application Data\AdobeUM
2010-03-12 09:12 . 2009-02-19 12:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 10:01 . 2009-08-03 00:24 -------- d-----w- c:\program files\3 MobileBroadband
2010-03-10 06:15 . 2009-02-03 16:54 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Australia\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Australia\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-25 06:24 . 2009-02-03 16:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2009-02-03 16:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 00:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 03:24 . 2009-10-12 00:27 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 10:03 . 2010-03-12 08:48 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2009-02-03 16:53 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-02-03 16:54 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-05-07 08:34 . 2009-02-19 12:33 15523560 ----a-w- c:\program files\U1 Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 01:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 01:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-22 483328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2010-04-21 2176512]

c:\documents and settings\Australia\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-8-4 25214]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-19 376832]
Winexit.lnk - c:\program files\Winexit\Winexit.exe [2003-8-28 664064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 03:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22.04.2010 02:59 142592]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [29.03.2010 07:27 135336]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [19.02.2009 22:28 933504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.08.2009 00:23 639224]
.
Contents of the 'Scheduled Tasks' folder

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3749761151-401764716-3361445173-1006Core.job
- c:\documents and settings\Australia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 07:22]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3749761151-401764716-3361445173-1006UA.job
- c:\documents and settings\Australia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 07:22]
.
.
------- Supplementary Scan -------
.
IE: Save YouTube Video as MP3
FF - ProfilePath - c:\documents and settings\Australia\Application Data\Mozilla\Firefox\Profiles\68ovyzbr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.focus.de/
FF - plugin: c:\documents and settings\Australia\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Australia\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-04-27 05:57:19
ComboFix-quarantined-files.txt 2010-04-26 19:57

Pre-Run: 698.155.008 bytes free
Post-Run: 1.045.020.672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 85BA61D2F579D547343F46EE700560BB
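The ComboFix log's Reg Loading Points section confirms what Windows was reporting: "EnableFirewall"= 0 in the standard profile, listed alongside the Run-key and service entries that decide what starts with the system. As an added example (not from the thread and not ComboFix's own code), the parser below reads that section's format, records the firewall state, and flags autostart entries that deserve a closer look: bare file names (resolved via the search path, so their location cannot be read off the log) and binaries outside Program Files or Windows, especially in user-writable locations. The sample excerpt is constructed from the log lines above, except for the "Updater" value, which is made up to exercise the user-writable rule; the trusted-prefix list is the example's assumption.

```python
import re
from pprint import pprint

# Constructed excerpt in the format of the ComboFix "Reg Loading Points" section
# above. Every line is copied from that section except the "Updater" value, which
# is made up here to exercise the user-writable-location rule.
SAMPLE_SECTION = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2010-04-21 2176512]
"Updater"="c:\documents and settings\Australia\Local Settings\Temp\update.exe" [2010-04-20 12345]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22.04.2010 02:59 142592]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.08.2009 00:23 639224]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\S+) (?P<size>\d+)\]$')
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[[^\]]*\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')

# Where autostart binaries are expected to live on this XP box (example's assumption;
# c:\progra~1 is the 8.3 short name ComboFix sometimes prints for Program Files).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\")


def parse_loading_points(text):
    """Collect Run values and service lines, plus the standard-profile firewall flag."""
    entries, firewall, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = FIREWALL_RE.match(line)
        if m and section and section.lower().endswith("firewallpolicy\\standardprofile"):
            firewall["standardprofile"] = m.group("value") != "0"
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"source": section, "name": m["name"], "path": m["path"],
                            "size": int(m["size"])})
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"source": "service:" + m["state"], "name": m["name"],
                            "path": m["path"], "size": None})
    return {"firewall": firewall, "entries": entries}


def classify(entry):
    """Reasons an autostart entry deserves a closer look (empty list = unremarkable)."""
    p = entry["path"].lower()
    reasons = []
    if "\\" not in p:
        # No directory: the loader resolves it via the search path, so the log alone
        # cannot tell you which file actually runs.
        reasons.append("bare filename, resolved via the search path")
    elif not p.startswith(TRUSTED_PREFIXES):
        reasons.append("outside Program Files / Windows")
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("user-writable location")
    return reasons


def review(text):
    parsed = parse_loading_points(text)
    flagged = []
    for entry in parsed["entries"]:
        reasons = classify(entry)
        if reasons:
            flagged.append((entry["name"], entry["path"], reasons))
    return {"firewall_enabled": parsed["firewall"].get("standardprofile"),
            "entry_count": len(parsed["entries"]),
            "flagged": flagged}


if __name__ == "__main__":
    pprint(review(SAMPLE_SECTION))
```

To run it on a full log, feed it the text between the "Reg Loading Points" and "Scheduled Tasks" headers; the startup-folder .lnk lines and the AuthorizedApplications list are not parsed here. A trusted path is only a weak signal either way: the infected ftdisk.sys that ComboFix replaced lived in system32\drivers, which is why the helper still asks for a VirusTotal check on an unfamiliar Program Files binary.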

26.04.2010, 22:49   #13
Sion

Nice, Kitty caught something.

1. http://www.trojaner-board.de/51187-a...i-malware.html (Quick Scan)
Remember to remove any findings (see the guide).
Post the log.

2. Post a fresh GMER log.

3. Upload the file
Quote:
c:\program files\Winexit\Winexit.exe
to VirusTotal and post the link to the result of the analysis.

26.04.2010, 23:01   #14
trojaja

Kitty is the best!!! *happy*

Quote:
Quote from Sion

3. Upload the file

to VirusTotal and post the link to the result of the analysis.
hxxp://www.virustotal.com/de/analisis/b49686767962dbb7945f89755089bf6173844f48143ef8072d63d4ef7ae5ceef-1272315476

(I sometimes use winexit as a kind of sleep timer so the computer doesn't run all night)

26.04.2010, 23:03   #15
trojaja

Quote:
Quote from Sion
1. http://www.trojaner-board.de/51187-a...i-malware.html (Quick Scan)
Remember to remove any findings (see the guide).
Post the log.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4040

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.04.2010 07:02:15
mbam-log-2010-04-27 (07-02-15).txt

Scan type: Quick scan
Objects scanned: 103045
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
