| |
| |||||||
Log-Analyse und Auswertung: Viren, Malware, Spyware, bitte um Hilfe!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
23.12.2010, 13:59
| #16 |
 |  Viren, Malware, Spyware, bitte um Hilfe! ok. fertig. hier: Combofix Logfile: Code:
ATTFilter ComboFix 10-12-22.05 - tita 23.12.2010 13:53:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.43.1033.18.2038.1659 [GMT 1:00]
ausgeführt von:: e:\documents and settings\tita\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\tita\Application Data\completescan
e:\documents and settings\tita\Application Data\desktop.ini
e:\documents and settings\tita\Application Data\install
e:\documents and settings\tita\Application Data\xssend2
e:\windows\Tasks\At1.job
e:\windows\Tasks\At10.job
e:\windows\Tasks\At11.job
e:\windows\Tasks\At12.job
e:\windows\Tasks\At13.job
e:\windows\Tasks\At14.job
e:\windows\Tasks\At15.job
e:\windows\Tasks\At16.job
e:\windows\Tasks\At17.job
e:\windows\Tasks\At18.job
e:\windows\Tasks\At19.job
e:\windows\Tasks\At2.job
e:\windows\Tasks\At20.job
e:\windows\Tasks\At21.job
e:\windows\Tasks\At22.job
e:\windows\Tasks\At23.job
e:\windows\Tasks\At24.job
e:\windows\Tasks\At3.job
e:\windows\Tasks\At4.job
e:\windows\Tasks\At5.job
e:\windows\Tasks\At6.job
e:\windows\Tasks\At7.job
e:\windows\Tasks\At8.job
e:\windows\Tasks\At9.job
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-23 bis 2010-12-23 ))))))))))))))))))))))))))))))
.
2010-12-22 23:09 . 2010-12-22 23:09 20480 ----a-w- e:\windows\system32\drivers\ndisrd.sys
2010-12-22 23:06 . 2010-12-23 11:13 -------- d-----w- e:\documents and settings\tita\Application Data\zfeukcliqtpgjnqsixwle3bpj13mqvi2
2010-12-22 20:12 . 2010-12-22 20:12 -------- d-----w- e:\documents and settings\tita\Local Settings\Application Data\softonic-de3
2010-12-22 19:07 . 2010-12-22 19:07 -------- d-----w- e:\documents and settings\Administrator
2010-12-22 15:11 . 2010-12-22 15:11 -------- d-----w- e:\documents and settings\tita\Application Data\Malwarebytes
2010-12-22 15:11 . 2010-11-29 16:42 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 15:11 . 2010-12-22 15:11 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-22 15:11 . 2010-12-23 11:10 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-12-22 15:11 . 2010-11-29 16:42 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-12-21 17:23 . 2010-12-21 17:23 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-21 12:12 . 2010-12-21 12:12 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-19 23:20 . 2010-12-22 18:41 -------- d-----w- E:\CBSSC
2010-12-15 23:43 . 2010-12-15 23:43 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-12-15 23:39 . 2010-12-23 00:16 -------- d-----w- e:\documents and settings\tita\Application Data\skypePM
2010-12-15 23:38 . 2010-12-22 20:02 -------- d-----w- e:\documents and settings\tita\Local Settings\Application Data\Temp
2010-12-15 23:38 . 2010-12-15 23:38 -------- d-----w- e:\program files\Common Files\Skype
2010-12-15 23:38 . 2010-12-15 23:38 -------- d-----r- e:\program files\Skype
2010-12-15 23:38 . 2010-12-23 00:48 -------- d-----w- e:\documents and settings\tita\Application Data\Skype
2010-12-15 23:38 . 2010-12-15 23:38 -------- d-----w- e:\documents and settings\All Users\Application Data\Skype
2010-12-12 15:46 . 2010-12-22 18:41 -------- d-----w- E:\2010-12-12
2010-12-11 18:15 . 2010-12-11 18:16 -------- d-----w- e:\program files\Glary Utilities
2010-12-11 14:13 . 2010-12-11 14:13 -------- d-----w- E:\2010-12-11
2010-12-04 19:40 . 2010-12-04 20:51 -------- d-----w- E:\Juliette
2010-12-03 12:41 . 2010-12-03 12:50 -------- d-----w- E:\Rudolf Geburtstag
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 09:20 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2b94.tmp
2010-12-23 09:19 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2c20.tmp
2010-12-23 09:17 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2d4a.tmp
2010-12-23 09:15 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2bf2.tmp
2010-12-23 09:14 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2d49.tmp
2010-12-23 09:13 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP399e.tmp
2010-11-06 13:33 . 2009-12-23 23:47 56816 ----a-w- e:\windows\system32\drivers\avgntflt.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="e:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="e:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="e:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"LanguageShortcut"="e:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\WINDOWS\\system32\\ftp.exe"=
"e:\\Documents and Settings\\tita\\My Documents\\Downloads\\Wuala.exe"=
"e:\\Program Files\\Telekom Austria\\Breitband-Internet-Installation\\fixnet installer\\Installer.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [06.11.2010 12:40 108289]
S0 ontqqpom;ontqqpom;e:\windows\system32\drivers\ugyq.sys --> e:\windows\system32\drivers\ugyq.sys [?]
S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [16.12.2010 00:38 136176]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);e:\windows\system32\drivers\alcan5ln.sys [24.12.2009 22:04 26960]
S4 NAUpdate;@e:\program files\Nero\Update\NASvc.exe,-200;e:\program files\Nero\Update\NASvc.exe [04.05.2010 11:07 503080]
.
Inhalt des "geplante Tasks" Ordners
2010-12-23 e:\windows\Tasks\GlaryInitialize.job
- e:\program files\Glary Utilities\initialize.exe [2010-12-11 09:47]
2010-12-23 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 23:38]
2010-12-23 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 23:38]
2010-12-23 e:\windows\Tasks\User_Feed_Synchronization-{7460C1EE-B832-4063-9D58-F5E19FC48A80}.job
- e:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\tita\Application Data\Mozilla\Firefox\Profiles\p1pswelb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - e:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: softonic-de3 Community Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-RealAudio Player 5.0 - e:\windows\RAUNINST.exe Software\Progressive Networks\RealAudio Player\5.0
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-23 13:57
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2010-12-23 13:58:16
ComboFix-quarantined-files.txt 2010-12-23 12:58
Vor Suchlauf: 170.029.191.168 bytes free
Nach Suchlauf: 170.470.846.464 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 7C140FE520727C87B7DF1F5007899E50
|
|
23.12.2010, 14:07
| #17 |
| /// Malware-holic   | Viren, Malware, Spyware, bitte um Hilfe! kannst du jetzt otl.txt reinkopieren?
__________________
__________________ |
|
23.12.2010, 14:14
| #18 |
| | Viren, Malware, Spyware, bitte um Hilfe! Ich glaube ja. Die alte File ist aber zu gross scheinbar. weiss nicht warum. Hab einen neuen Scan durchgeführt:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.12.2010 14:10:52 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = E:\Documents and Settings\tita\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 97,65 Gb Total Space | 97,18 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
Drive E: | 200,43 Gb Total Space | 158,80 Gb Free Space | 79,23% Space Free | Partition Type: NTFS
Computer Name: EUGEN | User Name: tita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\Documents and Settings\tita\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - E:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - E:\Documents and Settings\tita\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (AppMgmt) -- E:\WINDOWS\System32\appmgmts.dll File not found
SRV - (NAUpdate) -- E:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
========== Driver Services (SafeList) ==========
DRV - (ontqqpom) -- E:\WINDOWS\System32\drivers\ugyq.sys File not found
DRV - (catchme) -- E:\DOCUME~1\tita\LOCALS~1\Temp\catchme.sys File not found
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- E:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (hwdatacard) -- E:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (usbaudio) USB Audio Driver (WDM) -- E:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (alcan5ln) Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS) -- E:\WINDOWS\system32\drivers\alcan5ln.sys (Alcatel Bell)
DRV - (alcan5wn) Alcatel SpeedTouch(tm) USB ADSL PPPoA Networking Driver (NDIS) -- E:\WINDOWS\system32\drivers\alcan5wn.sys (Alcatel Bell)
DRV - (alcaudsl) -- E:\WINDOWS\system32\drivers\alcaudsl.sys (Alcatel Bell)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at,de-DE;q=0.5
IE - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 5B 7A 59 69 78 CB 01 [binary data]
IE - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1078081533-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010.12.17 10:17:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010.12.17 10:17:13 | 000,000,000 | ---D | M]
[2009.12.24 10:36:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Mozilla\Extensions
[2010.12.22 21:10:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Mozilla\Firefox\Profiles\p1pswelb.default\extensions
[2010.12.18 14:35:22 | 000,000,000 | ---D | M] (Flashblock) -- E:\Documents and Settings\tita\Application Data\Mozilla\Firefox\Profiles\p1pswelb.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.12.22 21:02:59 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- E:\Documents and Settings\tita\Application Data\Mozilla\Firefox\Profiles\p1pswelb.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.12.22 21:02:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Mozilla\Firefox\Profiles\p1pswelb.default\extensions\engine@conduit.com
[2010.12.08 15:47:52 | 000,000,927 | ---- | M] () -- E:\Documents and Settings\tita\Application Data\Mozilla\Firefox\Profiles\p1pswelb.default\searchplugins\conduit.xml
[2010.12.22 21:10:12 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2010.12.16 00:38:44 | 000,000,000 | ---D | M] (Skype extension) -- E:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.11.06 14:47:48 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.11 19:22:16 | 000,001,392 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.11 19:22:16 | 000,002,344 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.11 19:22:16 | 000,006,805 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.11 19:22:16 | 000,001,178 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.11 19:22:16 | 000,000,801 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.12.23 13:57:19 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-573735546-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261613625083 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - E:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: E:\Documents and Settings\tita\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\tita\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.23 23:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - E:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found
SafeBootMin: AppMgmt - E:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - E:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - RealPlayer by Progressive Networks
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\WINDOWS\system32\rundll32.exe" "E:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010.12.23 13:58:18 | 000,000,000 | ---D | C] -- E:\WINDOWS\temp
[2010.12.23 13:48:48 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2010.12.23 13:48:48 | 000,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2010.12.23 13:48:48 | 000,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2010.12.23 13:48:48 | 000,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2010.12.23 13:47:27 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2010.12.23 13:46:18 | 000,000,000 | ---D | C] -- E:\Qoobox
[2010.12.23 00:09:03 | 000,020,480 | ---- | C] (NT Kernel Resources) -- E:\WINDOWS\System32\drivers\ndisrd.sys
[2010.12.23 00:06:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tita\Application Data\zfeukcliqtpgjnqsixwle3bpj13mqvi2
[2010.12.22 21:12:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tita\Local Settings\Application Data\softonic-de3
[2010.12.22 16:11:12 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tita\Application Data\Malwarebytes
[2010.12.22 16:11:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.22 16:11:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.12.22 16:11:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010.12.22 16:11:04 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2010.12.21 18:23:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Sun
[2010.12.21 18:23:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010.12.21 13:12:52 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010.12.20 00:20:14 | 000,000,000 | ---D | C] -- E:\CBSSC
[2010.12.16 10:37:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Application Data\Sun
[2010.12.16 00:43:00 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.12.16 00:39:16 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tita\Application Data\skypePM
[2010.12.16 00:38:59 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tita\Local Settings\Application Data\Temp
[2010.12.16 00:38:25 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Skype
[2010.12.16 00:38:24 | 000,000,000 | R--D | C] -- E:\Program Files\Skype
[2010.12.16 00:38:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tita\Application Data\Skype
[2010.12.16 00:38:18 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Skype
[2010.12.12 16:46:39 | 000,000,000 | ---D | C] -- E:\2010-12-12
[2010.12.11 19:15:56 | 000,000,000 | ---D | C] -- E:\Program Files\Glary Utilities
[2010.12.11 15:13:05 | 000,000,000 | ---D | C] -- E:\2010-12-11
[2010.12.04 20:40:20 | 000,000,000 | ---D | C] -- E:\Juliette
[2010.12.03 13:41:28 | 000,000,000 | ---D | C] -- E:\Rudolf Geburtstag
[2010.12.03 13:30:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tita\My Documents\D
[10 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.12.23 14:03:19 | 000,731,136 | ---- | M] () -- E:\Documents and Settings\tita\Desktop\avenger.exe
[2010.12.23 13:57:19 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2010.12.23 13:52:34 | 000,000,310 | ---- | M] () -- E:\WINDOWS\tasks\GlaryInitialize.job
[2010.12.23 13:52:32 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010.12.23 13:52:32 | 000,000,878 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.23 13:52:30 | 2137,313,280 | -HS- | M] () -- E:\hiberfil.sys
[2010.12.23 13:52:30 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010.12.23 13:48:00 | 000,000,882 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 13:47:59 | 003,996,812 | R--- | M] () -- E:\Documents and Settings\tita\Desktop\ComboFix.exe
[2010.12.23 13:14:06 | 000,054,865 | ---- | M] () -- E:\Documents and Settings\tita\My Documents\OTL logfile created on.docx
[2010.12.23 13:13:56 | 000,002,533 | ---- | M] () -- E:\Documents and Settings\tita\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010.12.23 13:07:19 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat
[2010.12.23 11:53:06 | 000,000,420 | -H-- | M] () -- E:\WINDOWS\tasks\User_Feed_Synchronization-{7460C1EE-B832-4063-9D58-F5E19FC48A80}.job
[2010.12.23 00:50:12 | 000,018,816 | ---- | M] () -- E:\Documents and Settings\tita\My Documents\MaMusi.docx
[2010.12.23 00:09:03 | 000,020,480 | ---- | M] (NT Kernel Resources) -- E:\WINDOWS\System32\drivers\ndisrd.sys
[2010.12.22 20:44:01 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.bak
[2010.12.22 20:43:58 | 000,005,208 | ---- | M] () -- E:\WINDOWS\System32\pid.PNF
[2010.12.22 20:24:17 | 000,314,644 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010.12.22 20:24:17 | 000,040,972 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010.12.22 16:20:39 | 000,010,492 | ---- | M] () -- E:\Documents and Settings\tita\My Documents\phi.docx
[2010.12.22 16:11:09 | 000,000,784 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.22 01:48:30 | 000,010,892 | ---- | M] () -- E:\Documents and Settings\tita\My Documents\This book will change your life.docx
[2010.12.16 00:41:17 | 000,001,813 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010.12.16 00:41:17 | 000,001,791 | ---- | M] () -- E:\Documents and Settings\tita\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010.12.16 00:39:18 | 000,000,056 | -H-- | M] () -- E:\WINDOWS\System32\ezsidmv.dat
[2010.12.16 00:38:25 | 000,001,880 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.12.13 08:10:12 | 000,002,515 | ---- | M] () -- E:\Documents and Settings\tita\Desktop\Microsoft Word 2007.lnk
[2010.12.13 07:50:10 | 000,002,533 | ---- | M] () -- E:\Documents and Settings\tita\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2007.lnk
[2010.12.12 16:40:50 | 003,267,894 | ---- | M] () -- E:\WINDOWS\ACD Wallpaper.bmp
[2010.12.11 23:58:33 | 004,471,803 | ---- | M] () -- E:\Documents and Settings\tita\My Documents\CBSSC - Notfallflyer A6.pdf
[2010.12.11 09:50:01 | 000,014,739 | ---- | M] () -- E:\WINDOWS\System32\12543.js
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010.11.24 20:50:02 | 000,007,500 | ---- | M] () -- E:\WINDOWS\System32\123.js
[10 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.12.23 14:03:39 | 000,731,136 | ---- | C] () -- E:\Documents and Settings\tita\Desktop\avenger.exe
[2010.12.23 13:48:48 | 000,256,512 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2010.12.23 13:48:48 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2010.12.23 13:48:48 | 000,089,088 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2010.12.23 13:48:48 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2010.12.23 13:48:48 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2010.12.23 13:41:59 | 003,996,812 | R--- | C] () -- E:\Documents and Settings\tita\Desktop\ComboFix.exe
[2010.12.23 13:14:05 | 000,054,865 | ---- | C] () -- E:\Documents and Settings\tita\My Documents\OTL logfile created on.docx
[2010.12.23 00:50:12 | 000,018,816 | ---- | C] () -- E:\Documents and Settings\tita\My Documents\MaMusi.docx
[2010.12.22 20:44:02 | 000,013,646 | ---- | C] () -- E:\WINDOWS\System32\wpa.bak
[2010.12.22 20:43:57 | 000,005,208 | ---- | C] () -- E:\WINDOWS\System32\pid.PNF
[2010.12.22 20:09:08 | 2137,313,280 | -HS- | C] () -- E:\hiberfil.sys
[2010.12.22 16:20:38 | 000,010,492 | ---- | C] () -- E:\Documents and Settings\tita\My Documents\phi.docx
[2010.12.22 16:11:09 | 000,000,784 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.22 01:48:30 | 000,010,892 | ---- | C] () -- E:\Documents and Settings\tita\My Documents\This book will change your life.docx
[2010.12.16 00:41:17 | 000,001,813 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010.12.16 00:41:17 | 000,001,791 | ---- | C] () -- E:\Documents and Settings\tita\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010.12.16 00:39:18 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat
[2010.12.16 00:38:52 | 000,000,882 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.16 00:38:51 | 000,000,878 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.16 00:38:25 | 000,001,880 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.12.11 23:58:33 | 004,471,803 | ---- | C] () -- E:\Documents and Settings\tita\My Documents\CBSSC - Notfallflyer A6.pdf
[2010.12.11 19:16:01 | 000,000,310 | ---- | C] () -- E:\WINDOWS\tasks\GlaryInitialize.job
[2010.12.11 17:13:38 | 003,267,894 | ---- | C] () -- E:\WINDOWS\ACD Wallpaper.bmp
[2010.12.09 10:50:01 | 000,014,739 | ---- | C] () -- E:\WINDOWS\System32\12543.js
[2010.11.23 21:50:00 | 000,007,500 | ---- | C] () -- E:\WINDOWS\System32\123.js
[2010.11.04 18:58:13 | 000,000,006 | ---- | C] () -- E:\Documents and Settings\tita\Application Data\start
[2010.09.24 17:39:33 | 000,000,000 | ---- | C] () -- E:\WINDOWS\rasexit.INI
[2010.09.24 17:39:33 | 000,000,000 | ---- | C] () -- E:\WINDOWS\netscape.INI
[2010.09.07 13:10:37 | 000,021,504 | ---- | C] () -- E:\WINDOWS\System32\SWFF3250.DLL
[2010.09.07 13:10:37 | 000,004,501 | ---- | C] () -- E:\WINDOWS\System32\PNDX5016.DLL
[2010.09.07 13:10:22 | 000,000,033 | ---- | C] () -- E:\WINDOWS\Nscal.ini
[2009.12.24 23:06:06 | 000,000,600 | ---- | C] () -- E:\Documents and Settings\tita\Application Data\winscp.rnd
[2009.12.24 21:32:53 | 000,005,600 | ---- | C] () -- E:\WINDOWS\System32\stci.dll
[2009.12.24 00:41:42 | 000,147,456 | R--- | C] () -- E:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009.12.24 00:29:04 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2009.12.24 00:27:12 | 000,007,168 | ---- | C] () -- E:\Documents and Settings\tita\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.01.30 09:00:00 | 000,106,496 | ---- | C] () -- E:\WINDOWS\System32\VSHP1018.DLL
========== LOP Check ==========
[2010.09.24 16:58:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\m2backup
[2010.09.24 16:58:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\mquadr.at
[2010.09.24 16:57:48 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{7FDC9DDA-8828-4A49-A615-2E0A4EE0F0E2}
[2009.12.30 18:52:35 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{D692DF95-0D76-4FE0-9096-9B56DEAE4205}
[2009.12.30 18:52:39 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{DEC678D1-B2BE-43DD-B123-21503011D8C9}
[2009.12.24 23:37:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\FileZilla
[2009.12.24 16:43:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\GlarySoft
[2010.09.24 16:58:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\mquadr.at
[2009.12.24 00:50:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Program Files
[2010.12.23 12:13:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\zfeukcliqtpgjnqsixwle3bpj13mqvi2
[2010.12.23 13:52:34 | 000,000,310 | ---- | M] () -- E:\WINDOWS\Tasks\GlaryInitialize.job
[2010.12.23 11:53:06 | 000,000,420 | -H-- | M] () -- E:\WINDOWS\Tasks\User_Feed_Synchronization-{7460C1EE-B832-4063-9D58-F5E19FC48A80}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.12.24 15:50:33 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Adobe
[2010.11.06 12:40:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Avira
[2009.12.24 00:30:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\CyberLink
[2010.09.24 16:58:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\m2backup
[2010.12.22 16:11:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.10.30 17:38:39 | 000,000,000 | --SD | M] -- E:\Documents and Settings\All Users\Application Data\Microsoft
[2010.11.10 10:55:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010.09.24 16:58:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\mquadr.at
[2010.10.30 17:42:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Nero
[2010.12.16 00:38:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Skype
[2010.11.06 14:48:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Sun
[2010.09.24 17:32:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010.09.24 16:57:48 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{7FDC9DDA-8828-4A49-A615-2E0A4EE0F0E2}
[2009.12.30 18:52:35 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{D692DF95-0D76-4FE0-9096-9B56DEAE4205}
[2009.12.30 18:52:39 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{DEC678D1-B2BE-43DD-B123-21503011D8C9}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.03.01 12:04:34 | 002,345,224 | ---- | M] (Telekom Austria TA AG ) -- E:\Documents and Settings\All Users\Application Data\{7FDC9DDA-8828-4A49-A615-2E0A4EE0F0E2}\Setup.exe
[2008.05.13 09:35:47 | 001,985,888 | ---- | M] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, Mail: office@mquadr.at) -- E:\Documents and Settings\All Users\Application Data\{7FDC9DDA-8828-4A49-A615-2E0A4EE0F0E2}\offline\24B9E332\B3D627F3\aonftp.exe
[2009.11.11 15:26:08 | 002,797,080 | ---- | M] (Telekom Austria TA AG ) -- E:\Documents and Settings\All Users\Application Data\{D692DF95-0D76-4FE0-9096-9B56DEAE4205}\Breitband-Internet-Installation.exe
[2009.02.26 15:34:56 | 002,345,752 | ---- | M] (Telekom Austria TA AG ) -- E:\Documents and Settings\All Users\Application Data\{DEC678D1-B2BE-43DD-B123-21503011D8C9}\Setup.exe
[2009.02.11 14:49:13 | 004,124,016 | ---- | M] (mquadr.at software engineering und consulting GmbH) -- E:\Documents and Settings\All Users\Application Data\{DEC678D1-B2BE-43DD-B123-21503011D8C9}\offline\94EFC3DD\8E60DABD\aonUpdate.exe
[2010.09.21 19:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- E:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
[2010.09.21 19:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- E:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
[2010.09.21 19:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- E:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
< %APPDATA%\*. >
[2010.11.11 10:40:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Adobe
[2009.12.24 00:30:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\CyberLink
[2009.12.24 23:37:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\FileZilla
[2009.12.24 16:43:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\GlarySoft
[2009.12.23 23:43:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Identities
[2009.12.24 11:04:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Macromedia
[2010.12.22 16:11:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Malwarebytes
[2010.12.20 00:35:25 | 000,000,000 | --SD | M] -- E:\Documents and Settings\tita\Application Data\Microsoft
[2009.12.24 10:36:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Mozilla
[2010.09.24 16:58:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\mquadr.at
[2010.10.30 17:44:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Nero
[2009.12.24 00:50:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Program Files
[2010.12.23 01:48:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Skype
[2010.12.23 01:16:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\skypePM
[2009.12.24 23:22:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Sun
[2010.10.10 13:52:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\vlc
[2009.12.24 02:32:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\Winamp
[2009.12.24 21:33:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\WinRAR
[2010.12.23 12:13:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tita\Application Data\zfeukcliqtpgjnqsixwle3bpj13mqvi2
< %APPDATA%\*.exe /s >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004.08.04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.12.24 01:57:25 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.12.24 01:57:25 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.12.24 01:57:25 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.12.24 01:57:25 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- E:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\system32\netlogon.dll
[2009.02.06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- E:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- E:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\system32\scecli.dll
< MD5 for: USER32.DLL >
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- E:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- E:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- E:\WINDOWS\system32\user32.dll
[2004.08.04 13:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- E:\WINDOWS\$NtServicePackUninstall$\user32.dll
< MD5 for: USERINIT.EXE >
[2004.08.04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- E:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- E:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.12.24 00:27:41 | 000,094,208 | ---- | M] () -- E:\WINDOWS\system32\config\default.sav
[2009.12.24 00:27:41 | 000,634,880 | ---- | M] () -- E:\WINDOWS\system32\config\software.sav
[2009.12.24 00:27:41 | 000,897,024 | ---- | M] () -- E:\WINDOWS\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]
< End of report >
|
|
23.12.2010, 14:15
| #19 |
| | Viren, Malware, Spyware, bitte um Hilfe! OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.12.2010 14:10:52 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = E:\Documents and Settings\tita\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 97,65 Gb Total Space | 97,18 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
Drive E: | 200,43 Gb Total Space | 158,80 Gb Free Space | 79,23% Space Free | Partition Type: NTFS
Computer Name: EUGEN | User Name: tita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- E:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1078081533-573735546-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "E:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\WINDOWS\system32\ftp.exe" = E:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"E:\Documents and Settings\tita\My Documents\Downloads\Wuala.exe" = E:\Documents and Settings\tita\My Documents\Downloads\Wuala.exe:*:Enabled:Wuala -- (Wuala)
"E:\Program Files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe" = E:\Program Files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:*:Enabled:Highspeed-Internet-Installation -- (mquadr.at software engineering & consulting GmbH - Web: hxxp://www.mquadr.at - Mail: office@mquadr.at)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EXCEL" = Microsoft Office Excel 2007
"Glary Utilities_is1" = Glary Utilities 2.30.0.1066
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"OUTLOOK" = Microsoft Office Outlook 2007
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.12.2010 09:15:34 | Computer Name = EUGEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.
Error - 11.12.2010 12:34:41 | Computer Name = EUGEN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 11.12.2010 13:42:29 | Computer Name = EUGEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 11.12.2010 13:42:29 | Computer Name = EUGEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 12.12.2010 10:34:53 | Computer Name = EUGEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.
Error - 12.12.2010 11:49:58 | Computer Name = EUGEN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12.12.2010 11:50:03 | Computer Name = EUGEN | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
Error - 12.12.2010 11:51:36 | Computer Name = EUGEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.
Error - 12.12.2010 11:51:39 | Computer Name = EUGEN | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.
Error - 12.12.2010 12:55:36 | Computer Name = EUGEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.
[ System Events ]
Error - 22.12.2010 16:12:58 | Computer Name = EUGEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 22.12.2010 16:12:58 | Computer Name = EUGEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 22.12.2010 16:12:58 | Computer Name = EUGEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 22.12.2010 16:12:58 | Computer Name = EUGEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 22.12.2010 16:12:58 | Computer Name = EUGEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 22.12.2010 16:12:58 | Computer Name = EUGEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 23.12.2010 05:22:26 | Computer Name = EUGEN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.1 for the Network Card with network address
0025220A798E has been denied by the DHCP server 10.0.0.138 (The DHCP Server sent
a DHCPNACK message).
Error - 23.12.2010 05:24:32 | Computer Name = EUGEN | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.
Error - 23.12.2010 08:52:42 | Computer Name = EUGEN | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
Error - 23.12.2010 08:52:51 | Computer Name = EUGEN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
< End of report >
|
|
23.12.2010, 14:20
| #20 |
| /// Malware-holic | Viren, Malware, Spyware, bitte um Hilfe! für zu großes gibts ne ganz neue erfindung, nennt sich aufteilen :-) • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL [2010.12.23 00:06:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tita\Application Data\zfeukcliqtpgjnqsixwle3bpj13mqvi2 :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.12.2010, 14:24
| #21 |
| | Viren, Malware, Spyware, bitte um Hilfe! ich wollt dich jetzt nicht zumüllen mit einer riesen Datei. Aber stimmt ich hätts auch einfach aufteilen können, sorry  ok. gemacht was du gesagt hast: All processes killed ========== OTL ========== E:\Documents and Settings\tita\Application Data\zfeukcliqtpgjnqsixwle3bpj13mqvi2 folder moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: Default User User: LocalService ->Flash cache emptied: 2169 bytes User: NetworkService ->Flash cache emptied: 2455 bytes User: tita ->Flash cache emptied: 28375 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1589315 bytes ->Java cache emptied: 6098 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 580 bytes ->Flash cache emptied: 0 bytes User: tita ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 5978573 bytes ->Java cache emptied: 14399756 bytes ->FireFox cache emptied: 100623916 bytes ->Google Chrome cache emptied: 7409737 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2653803 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 127,00 mb OTL by OldTimer - Version 3.2.18.0 log created on 12232010_142101 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
23.12.2010, 14:30
| #22 |
| /// Malware-holic | Viren, Malware, Spyware, bitte um Hilfe! jetzt sei so gut, update malwarebytes, mache nen komplett scan und poste das ergebniss.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.12.2010, 15:20
| #23 |
| | Viren, Malware, Spyware, bitte um Hilfe! ok. hier ist er. sorry für die verspätung. scheint nichts mehr zu finden. aber antivir findet noch was. poste ich auch gleich Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5383 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23.12.2010 14:56:47 mbam-log-2010-12-23 (14-56-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 186360 Laufzeit: 19 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
23.12.2010, 15:25
| #24 |
| | Viren, Malware, Spyware, bitte um Hilfe! Avira AntiVir Personal Report file date: Thursday, December 23, 2010 14:57 Scanning for 2290532 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : EUGEN Version information: BUILD.DAT : 9.0.0.429 21701 Bytes 06.10.2010 10:04:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 13.10.2009 10:26:33 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 11:27:27 VBASE002.VDF : 7.11.0.1 2048 Bytes 14.12.2010 11:27:27 VBASE003.VDF : 7.11.0.2 2048 Bytes 14.12.2010 11:27:27 VBASE004.VDF : 7.11.0.3 2048 Bytes 14.12.2010 11:27:27 VBASE005.VDF : 7.11.0.4 2048 Bytes 14.12.2010 11:27:27 VBASE006.VDF : 7.11.0.5 2048 Bytes 14.12.2010 11:27:27 VBASE007.VDF : 7.11.0.6 2048 Bytes 14.12.2010 11:27:27 VBASE008.VDF : 7.11.0.7 2048 Bytes 14.12.2010 11:27:27 VBASE009.VDF : 7.11.0.8 2048 Bytes 14.12.2010 11:27:27 VBASE010.VDF : 7.11.0.9 2048 Bytes 14.12.2010 11:27:28 VBASE011.VDF : 7.11.0.10 2048 Bytes 14.12.2010 11:27:28 VBASE012.VDF : 7.11.0.11 2048 Bytes 14.12.2010 11:27:28 VBASE013.VDF : 7.11.0.52 128000 Bytes 16.12.2010 23:28:28 VBASE014.VDF : 7.11.0.91 226816 Bytes 20.12.2010 11:26:32 VBASE015.VDF : 7.11.0.122 136192 Bytes 21.12.2010 13:26:24 VBASE016.VDF : 7.11.0.123 2048 Bytes 21.12.2010 13:26:24 VBASE017.VDF : 7.11.0.124 2048 Bytes 21.12.2010 13:26:24 VBASE018.VDF : 7.11.0.125 2048 Bytes 21.12.2010 13:26:24 VBASE019.VDF : 7.11.0.126 2048 Bytes 21.12.2010 13:26:24 VBASE020.VDF : 7.11.0.127 2048 Bytes 21.12.2010 13:26:24 VBASE021.VDF : 7.11.0.128 2048 Bytes 21.12.2010 13:26:24 VBASE022.VDF : 7.11.0.129 2048 Bytes 21.12.2010 13:26:25 VBASE023.VDF : 7.11.0.130 2048 Bytes 21.12.2010 13:26:25 VBASE024.VDF : 7.11.0.131 2048 Bytes 21.12.2010 13:26:25 VBASE025.VDF : 7.11.0.132 2048 Bytes 21.12.2010 13:26:25 VBASE026.VDF : 7.11.0.133 2048 Bytes 21.12.2010 13:26:25 VBASE027.VDF : 7.11.0.134 2048 Bytes 21.12.2010 13:26:25 VBASE028.VDF : 7.11.0.135 2048 Bytes 21.12.2010 13:26:25 VBASE029.VDF : 7.11.0.136 2048 Bytes 21.12.2010 13:26:25 VBASE030.VDF : 7.11.0.137 2048 Bytes 21.12.2010 13:26:25 VBASE031.VDF : 7.11.0.149 89600 Bytes 23.12.2010 13:26:24 Engineversion : 8.2.4.126 AEVDF.DLL : 8.1.2.1 106868 Bytes 06.11.2010 13:33:01 AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 03.12.2010 12:17:36 AESCN.DLL : 8.1.7.2 127349 Bytes 23.11.2010 20:14:38 AESBX.DLL : 8.1.3.2 254324 Bytes 23.11.2010 20:14:40 AERDL.DLL : 8.1.9.2 635252 Bytes 06.11.2010 13:33:01 AEPACK.DLL : 8.2.4.5 512375 Bytes 16.12.2010 23:28:37 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 23.11.2010 20:14:37 AEHEUR.DLL : 8.1.2.57 3142008 Bytes 16.12.2010 23:28:36 AEHELP.DLL : 8.1.16.0 246136 Bytes 03.12.2010 12:17:27 AEGEN.DLL : 8.1.5.0 397685 Bytes 03.12.2010 12:17:26 AEEMU.DLL : 8.1.3.0 393589 Bytes 23.11.2010 20:14:29 AECORE.DLL : 8.1.19.0 196984 Bytes 03.12.2010 12:17:25 AEBB.DLL : 8.1.1.0 53618 Bytes 06.11.2010 13:33:01 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 26.08.2009 14:14:02 AVREP.DLL : 8.0.0.7 159784 Bytes 06.11.2010 13:33:01 AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 13.10.2009 11:25:47 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: e:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, E:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Thursday, December 23, 2010 14:57 Starting search for hidden objects. '47956' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'notepad.exe' - '1' Module(s) have been scanned Scan process 'mbam.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'RichVideo.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 27 processes with 27 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '53' files ). Starting the file scan: Begin scan in 'C:\' Begin scan in 'E:\' E:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. E:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. E:\Documents and Settings\tita\desktop\D\Musik\Flash Professional\Adobe CS4\payloads\AdobeAUM6.0All\AdobeAUM6.0All1.cab [0] Archive type: CAB (Microsoft) --> _2_db33955fdd1ba0ba02c707aef8ed9197 [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed E:\Qoobox\Quarantine\MBR_HardDisk0.mbr [DETECTION] Contains code of the BOO/Alureon.A boot sector virus Beginning disinfection: E:\Qoobox\Quarantine\MBR_HardDisk0.mbr [DETECTION] Contains code of the BOO/Alureon.A boot sector virus [NOTE] The file was moved to '4d655c2a.qua'! End of the scan: Thursday, December 23, 2010 15:25 Used time: 27:59 Minute(s) The scan has been done completely. 4783 Scanned directories 298674 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 298671 Files not concerned 2554 Archives were scanned 4 Warnings 3 Notes 47956 Objects were scanned with rootkit scan 0 Hidden objects were found |
|
23.12.2010, 15:38
| #25 |
| /// Malware-holic | Viren, Malware, Spyware, bitte um Hilfe! das is ok. das hatten wir gelöscht. ist in nem quarantäne ordner avira http://www.trojaner-board.de/54192-a...tellungen.html avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm. klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten. bitte auch unter verwaltung, planer, scan auftrag, darauf achten, das dieser über lokale laufwerke läuft! sonst werden die einstellungen nicht gültig. den update auftrag auf 1x pro tag einstellen. und "nachhohlen falls zeit überschritten" auswählen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.12.2010, 16:35
| #26 |
| | Viren, Malware, Spyware, bitte um Hilfe! Avira AntiVir Personal Erstellungsdatum der Reportdatei: Donnerstag, 23. Dezember 2010 16:07 Es wird nach 3140431 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows XP Windowsversion : (Service Pack 3) [5.1.2600] Boot Modus : Normal gebootet Benutzername : tita Computername : EUGEN Versionsinformationen: BUILD.DAT : 10.0.0.609 31824 Bytes 13.12.2010 09:29:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 13.12.2010 07:39:20 AVSCAN.DLL : 10.0.3.0 56168 Bytes 13.12.2010 07:39:37 LUKE.DLL : 10.0.3.2 104296 Bytes 13.12.2010 07:39:26 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 07:39:29 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 07:39:30 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 07:39:32 VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 07:39:34 VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 07:39:35 VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 07:39:35 VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 07:39:35 VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 07:39:35 VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 07:39:35 VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 07:39:35 VBASE015.VDF : 7.10.13.180 123904 Bytes 09.11.2010 07:39:35 VBASE016.VDF : 7.10.13.211 122368 Bytes 11.11.2010 07:39:35 VBASE017.VDF : 7.10.13.243 147456 Bytes 15.11.2010 07:39:36 VBASE018.VDF : 7.10.14.15 142848 Bytes 17.11.2010 07:39:36 VBASE019.VDF : 7.10.14.41 134144 Bytes 19.11.2010 07:39:36 VBASE020.VDF : 7.10.14.63 128000 Bytes 22.11.2010 07:39:36 VBASE021.VDF : 7.10.14.87 143872 Bytes 24.11.2010 07:39:36 VBASE022.VDF : 7.10.14.116 140800 Bytes 26.11.2010 07:39:36 VBASE023.VDF : 7.10.14.147 150528 Bytes 30.11.2010 07:39:36 VBASE024.VDF : 7.10.14.175 126464 Bytes 03.12.2010 07:39:36 VBASE025.VDF : 7.10.14.203 120320 Bytes 07.12.2010 07:39:36 VBASE026.VDF : 7.10.14.230 137216 Bytes 09.12.2010 07:39:37 VBASE027.VDF : 7.10.14.231 2048 Bytes 09.12.2010 07:39:37 VBASE028.VDF : 7.10.14.232 2048 Bytes 09.12.2010 07:39:37 VBASE029.VDF : 7.10.14.233 2048 Bytes 09.12.2010 07:39:37 VBASE030.VDF : 7.10.14.234 2048 Bytes 09.12.2010 07:39:37 VBASE031.VDF : 7.10.15.0 100352 Bytes 12.12.2010 17:37:11 Engineversion : 8.2.4.122 AEVDF.DLL : 8.1.2.1 106868 Bytes 06.11.2010 13:33:01 AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 03.12.2010 12:17:36 AESCN.DLL : 8.1.7.2 127349 Bytes 23.11.2010 20:14:38 AESBX.DLL : 8.1.3.2 254324 Bytes 23.11.2010 20:14:40 AERDL.DLL : 8.1.9.2 635252 Bytes 06.11.2010 13:33:01 AEPACK.DLL : 8.2.4.1 512375 Bytes 13.12.2010 07:39:15 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 23.11.2010 20:14:37 AEHEUR.DLL : 8.1.2.54 3113335 Bytes 13.12.2010 07:39:15 AEHELP.DLL : 8.1.16.0 246136 Bytes 03.12.2010 12:17:27 AEGEN.DLL : 8.1.5.0 397685 Bytes 03.12.2010 12:17:26 AEEMU.DLL : 8.1.3.0 393589 Bytes 23.11.2010 20:14:29 AECORE.DLL : 8.1.19.0 196984 Bytes 03.12.2010 12:17:25 AEBB.DLL : 8.1.1.0 53618 Bytes 06.11.2010 13:33:01 AVWINLL.DLL : 10.0.0.0 19304 Bytes 13.12.2010 07:39:20 AVPREF.DLL : 10.0.0.0 44904 Bytes 13.12.2010 07:39:19 AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 13:26:53 AVREG.DLL : 10.0.3.2 53096 Bytes 13.12.2010 07:39:19 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 13.12.2010 07:39:20 AVARKT.DLL : 10.0.22.6 231784 Bytes 13.12.2010 07:39:17 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 13.12.2010 07:39:18 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02 AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:20 NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 10.0.58.0 98152 Bytes 13.12.2010 07:39:38 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: e:\program files\avira\antivir desktop\alldrives.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Beginn des Suchlaufs: Donnerstag, 23. Dezember 2010 16:07 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RTHDCPL.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '357' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'E:\' Beginne mit der Suche in 'D:\' Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden! Systemfehler [21]: The device is not ready. Ende des Suchlaufs: Donnerstag, 23. Dezember 2010 16:35 Benötigte Zeit: 27:49 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 4781 Verzeichnisse wurden überprüft 299733 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 299733 Dateien ohne Befall 2603 Archive wurden durchsucht 0 Warnungen 0 Hinweise |
|
23.12.2010, 16:59
| #27 |
| /// Malware-holic | Viren, Malware, Spyware, bitte um Hilfe! du hast nicht richtig gelesen. 1. konfiguration übernehmen. 2. updaten. 3. über lokale laufwerke scannen, bei lokaler schutz. 3. sind deine eltern engländer oder warum instaliert ihr avira nicht auf deutsch?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.12.2010, 17:54
| #28 |
| | Viren, Malware, Spyware, bitte um Hilfe! hm. ist es jetzt richtig? avira ist eigentlich auf deutsch bei uns. aber windows ist auf englisch. mein bruder hats installiert. keine ahung, das ist überhaupt ein komisch aufgesetzter computer hier. laufwerk c heist laufwerk e. und so weiter. aber egal. hoffe der eintrag passt jetzt so. wenn nicht, dann hab ich nicht richtig verstanden was du gemeint hast. Avira AntiVir Personal Erstellungsdatum der Reportdatei: Donnerstag, 23. Dezember 2010 17:15 Es wird nach 2291731 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows XP Windowsversion : (Service Pack 3) [5.1.2600] Boot Modus : Normal gebootet Benutzername : tita Computername : EUGEN Versionsinformationen: BUILD.DAT : 10.0.0.609 31824 Bytes 13.12.2010 09:29:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 13.12.2010 07:39:20 AVSCAN.DLL : 10.0.3.0 56168 Bytes 13.12.2010 07:39:37 LUKE.DLL : 10.0.3.2 104296 Bytes 13.12.2010 07:39:26 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 16:12:50 VBASE002.VDF : 7.11.0.1 2048 Bytes 14.12.2010 16:12:50 VBASE003.VDF : 7.11.0.2 2048 Bytes 14.12.2010 16:12:50 VBASE004.VDF : 7.11.0.3 2048 Bytes 14.12.2010 16:12:50 VBASE005.VDF : 7.11.0.4 2048 Bytes 14.12.2010 16:12:50 VBASE006.VDF : 7.11.0.5 2048 Bytes 14.12.2010 16:12:50 VBASE007.VDF : 7.11.0.6 2048 Bytes 14.12.2010 16:12:50 VBASE008.VDF : 7.11.0.7 2048 Bytes 14.12.2010 16:12:50 VBASE009.VDF : 7.11.0.8 2048 Bytes 14.12.2010 16:12:50 VBASE010.VDF : 7.11.0.9 2048 Bytes 14.12.2010 16:12:50 VBASE011.VDF : 7.11.0.10 2048 Bytes 14.12.2010 16:12:50 VBASE012.VDF : 7.11.0.11 2048 Bytes 14.12.2010 16:12:50 VBASE013.VDF : 7.11.0.52 128000 Bytes 16.12.2010 16:12:51 VBASE014.VDF : 7.11.0.91 226816 Bytes 20.12.2010 16:12:52 VBASE015.VDF : 7.11.0.122 136192 Bytes 21.12.2010 16:12:53 VBASE016.VDF : 7.11.0.123 2048 Bytes 21.12.2010 16:12:53 VBASE017.VDF : 7.11.0.124 2048 Bytes 21.12.2010 16:12:53 VBASE018.VDF : 7.11.0.125 2048 Bytes 21.12.2010 16:12:53 VBASE019.VDF : 7.11.0.126 2048 Bytes 21.12.2010 16:12:53 VBASE020.VDF : 7.11.0.127 2048 Bytes 21.12.2010 16:12:53 VBASE021.VDF : 7.11.0.128 2048 Bytes 21.12.2010 16:12:53 VBASE022.VDF : 7.11.0.129 2048 Bytes 21.12.2010 16:12:53 VBASE023.VDF : 7.11.0.130 2048 Bytes 21.12.2010 16:12:53 VBASE024.VDF : 7.11.0.131 2048 Bytes 21.12.2010 16:12:53 VBASE025.VDF : 7.11.0.132 2048 Bytes 21.12.2010 16:12:53 VBASE026.VDF : 7.11.0.133 2048 Bytes 21.12.2010 16:12:53 VBASE027.VDF : 7.11.0.134 2048 Bytes 21.12.2010 16:12:53 VBASE028.VDF : 7.11.0.135 2048 Bytes 21.12.2010 16:12:53 VBASE029.VDF : 7.11.0.136 2048 Bytes 21.12.2010 16:12:53 VBASE030.VDF : 7.11.0.137 2048 Bytes 21.12.2010 16:12:53 VBASE031.VDF : 7.11.0.151 105472 Bytes 23.12.2010 16:12:54 Engineversion : 8.2.4.126 AEVDF.DLL : 8.1.2.1 106868 Bytes 06.11.2010 13:33:01 AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 03.12.2010 12:17:36 AESCN.DLL : 8.1.7.2 127349 Bytes 23.11.2010 20:14:38 AESBX.DLL : 8.1.3.2 254324 Bytes 23.11.2010 20:14:40 AERDL.DLL : 8.1.9.2 635252 Bytes 06.11.2010 13:33:01 AEPACK.DLL : 8.2.4.5 512375 Bytes 23.12.2010 16:13:02 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 23.11.2010 20:14:37 AEHEUR.DLL : 8.1.2.57 3142008 Bytes 23.12.2010 16:13:01 AEHELP.DLL : 8.1.16.0 246136 Bytes 03.12.2010 12:17:27 AEGEN.DLL : 8.1.5.0 397685 Bytes 03.12.2010 12:17:26 AEEMU.DLL : 8.1.3.0 393589 Bytes 23.11.2010 20:14:29 AECORE.DLL : 8.1.19.0 196984 Bytes 03.12.2010 12:17:25 AEBB.DLL : 8.1.1.0 53618 Bytes 06.11.2010 13:33:01 AVWINLL.DLL : 10.0.0.0 19304 Bytes 13.12.2010 07:39:20 AVPREF.DLL : 10.0.0.0 44904 Bytes 13.12.2010 07:39:19 AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 13:26:53 AVREG.DLL : 10.0.3.2 53096 Bytes 13.12.2010 07:39:19 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 13.12.2010 07:39:20 AVARKT.DLL : 10.0.22.6 231784 Bytes 13.12.2010 07:39:17 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 13.12.2010 07:39:18 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02 AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:20 NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 10.0.58.0 98152 Bytes 13.12.2010 07:39:38 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: e:\program files\avira\antivir desktop\alldrives.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Beginn des Suchlaufs: Donnerstag, 23. Dezember 2010 17:15 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rsmsink.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'dllhost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'msdtc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'dllhost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RTHDCPL.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '358' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'E:\' Beginne mit der Suche in 'D:\' Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden! Systemfehler [21]: The device is not ready. Ende des Suchlaufs: Donnerstag, 23. Dezember 2010 17:43 Benötigte Zeit: 27:51 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 4787 Verzeichnisse wurden überprüft 299823 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 299823 Dateien ohne Befall 2606 Archive wurden durchsucht 0 Warnungen 0 Hinweise |
|
23.12.2010, 17:55
| #29 |
| | Viren, Malware, Spyware, bitte um Hilfe! warum der este eintrag auf englisch ist weiss ich auch nicht. komisch. hab nichts verändert. |
|
23.12.2010, 18:00
| #30 |
| /// Malware-holic | Viren, Malware, Spyware, bitte um Hilfe! nein, ich hab ja extra geschrieben, heuristik auf hoch, ist ja auch so in der verlinkten anleitung.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Viren, Malware, Spyware, bitte um Hilfe! |
| anhang, antivir, befallen, compu, computer, fehler, fehlgeschlagen, file, firefox.exe, hijack, hijackthis, immer wieder, java/rowindal.a, kommt immer wieder, logfiles, malwarebytes, mehreren, moved, nicht mehr, nt.dll, poste, posten, sched.exe, skype.exe, verbindung, viren, windows system |
