| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Kann mit keinem browser googlemail öffnen - 404 Not FoundWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.05.2011, 14:39
| #1 |
 |  Kann mit keinem browser googlemail öffnen - 404 Not Found Hallo zusammen, ich kann unabhängig vom verwendeten Browser (firefox, opera, explorer) googlemail nicht laden. Die Fehlermeldung ist die Folgende: 404 Not Found The requested URL /mail/ was not found on this server. Apache/2.2.12 (Ubuntu) Server at mail.google.com Port 80 Scheint mir ein Virus/Malware-Problem zu sein, denn das Problem persistiert auch nach dem Löschen von Cache & Cookies aller Browser, und nach dem Scannen mit den gängigen Programmen. Demnach liste ich hier die Funde auf. Gescannt ist das System einmal mit Avira Antivir und einmal mit Spybot Search & Destroy. Antivir Detections (=> Gelöscht/Quarantäne) TR/Crypt.XPACK.Gen Trojan TR/Crypt.ZPACK.Gen Trojan TR/Crypt.XPACK.Gen Trojan JAVA/MundGura.D Java virus JAVA/Exdoer.BE.2 Java virus JAVA/Rast.A Java virus ADSPY/AdSpy.Gen2 adware or spyware TR/Vilsel.ayjv Trojan Spybot Detections: 04.05.2011 22:44:22 - found: Fraud.HDDDefragmenter Link 04.05.2011 22:44:22 - found: Fraud.HDDDefragmenter Link 04.05.2011 22:46:59 - found: Microsoft.WindowsSecurityCenter.AntiVirusOverride Settings 04.05.2011 22:58:40 - found: DoubleClick Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Statcounter Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: WebTrends live Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Adviva Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: DoubleClick Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Statcounter Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: HitsLink Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default)) 04.05.2011 22:58:41 - found: DoubleClick Tracking cookie (Chrome: Chrome) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome) 04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome) Hier folgt nur der LOG-File:OTL Logfile: Code:
ATTFilter OTL logfile created on: 5.5.2011 13:23:28 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000041A | Country: *** | Language: HRV | Date Format: d.M.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 151,08 Gb Free Space | 64,88% Space Free | Partition Type: NTFS Computer Name: R2D2 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Documents and Settings\***\Local Settings\Temp\{29A1889A-AC4C-461A-B5AB-1D459ECA1EBF}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe () PRC - C:\WINDOWS\system32\acs.exe (Atheros) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (XYNTService) -- C:\Documents and Settings\***\Local Settings\Temp\{29A1889A-AC4C-461A-B5AB-1D459ECA1EBF}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe () SRV - (acs) -- C:\WINDOWS\system32\acs.exe (Atheros) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (DCamUSBGene) -- C:\WINDOWS\system32\drivers\USBSTK.sys () DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.) DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.hr/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.25 00:16:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.25 00:16:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.04 22:46:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 22:46:32 | 000,000,000 | ---D | M] [2010.06.01 18:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Extensions [2011.05.05 12:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\wd2x791w.default\extensions [2010.07.25 20:31:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\wd2x791w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.10 23:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\wd2x791w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2011.05.05 12:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.02.18 14:02:07 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.05.05 12:25:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.12.25 00:16:29 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2010.12.25 00:16:29 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2010.07.07 11:40:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll O1 HOSTS File: ([2011.01.07 11:34:20 | 000,000,984 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 213.175.216.204 google.com www.google.com O1 - Hosts: 213.175.216.205 mail.google.com O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [mscj2] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.05.20 21:57:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{8999d418-6756-11df-87cf-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{8999d418-6756-11df-87cf-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8999d418-6756-11df-87cf-001fe2e62a20}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{a9e3bd4c-6463-11df-87c4-0016ead7c7d4}\Shell - "" = AutoRun O33 - MountPoints2\{a9e3bd4c-6463-11df-87c4-0016ead7c7d4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a9e3bd4c-6463-11df-87c4-0016ead7c7d4}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{b444c885-682f-11df-87d1-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{b444c885-682f-11df-87d1-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b444c885-682f-11df-87d1-001fe2e62a20}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{b444c886-682f-11df-87d1-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{b444c886-682f-11df-87d1-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b444c886-682f-11df-87d1-001fe2e62a20}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{c3f7577f-2332-11e0-890d-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{c3f7577f-2332-11e0-890d-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c3f7577f-2332-11e0-890d-001fe2e62a20}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{f83ba03f-828c-11df-8819-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{f83ba03f-828c-11df-8819-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f83ba03f-828c-11df-8819-001fe2e62a20}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.05 13:21:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe [2011.05.05 12:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.05.05 12:25:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.05.05 12:25:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.05.05 12:25:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011.05.05 08:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011.05.04 23:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2011.05.04 22:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2011.05.04 22:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Local Settings\Application Data\Opera [2011.05.04 22:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Opera [2011.05.04 22:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011.05.04 22:04:17 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011.05.04 21:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2011.05.04 21:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.05.04 21:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2011.05.04 21:41:52 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011.05.04 21:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2011.05.04 21:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft [2011.05.04 21:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2011.05.04 20:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Avira [2011.05.04 20:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira [2011.05.04 20:20:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011.05.04 20:20:40 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.05.04 20:20:40 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.05.04 20:20:40 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2011.05.04 20:20:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2011.05.04 20:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.05.04 20:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2011.05.03 20:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011 [2011.05.03 20:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\1561484 [2011.04.13 09:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\My Documents\DW1 [9 C:\Documents and Settings\***\Desktop\*.tmp files -> C:\Documents and Settings\***\Desktop\*.tmp -> ] [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\***\My Documents\*.tmp files -> C:\Documents and Settings\***\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.05 13:21:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe [2011.05.05 12:50:19 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.05.05 12:49:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.05 12:34:00 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-839522115-1003UA.job [2011.05.05 08:34:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-839522115-1003Core.job [2011.05.04 22:13:00 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2011.05.04 22:06:36 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Shortcut to IEXPLORE.lnk [2011.05.04 22:04:16 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011.05.04 22:04:14 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011.05.04 21:42:06 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011.05.04 20:21:11 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.04 18:32:45 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011.05.04 18:32:44 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Google Chrome.lnk [2011.05.03 20:55:14 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus_AntiSpyware_2011.lnk [2011.05.02 16:29:35 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for ***.job [2011.04.29 21:57:42 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011.04.27 21:30:31 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.27 21:30:31 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.26 12:05:43 | 000,084,355 | ---- | M] () -- C:\Documents and Settings\***\Desktop\plakat.pdf [2011.04.26 08:30:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.21 08:38:46 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2011.04.20 10:19:43 | 000,714,426 | ---- | M] () -- C:\Documents and Settings\***\Desktop\rjesenja.pdf [2011.04.19 12:08:54 | 000,211,820 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Elektricna ograda.pdf [2011.04.14 12:05:39 | 000,714,426 | ---- | M] () -- C:\Documents and Settings\*** \My Documents\rjesenja.pdf [9 C:\Documents and Settings\***\Desktop\*.tmp files -> C:\Documents and Settings\***\Desktop\*.tmp -> ] [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\***\My Documents\*.tmp files -> C:\Documents and Settings\***\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.05 12:09:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011.05.04 22:13:00 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2011.05.04 22:13:00 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk [2011.05.04 22:06:36 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Shortcut to IEXPLORE.lnk [2011.05.04 21:42:13 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.05.04 21:42:06 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011.05.04 20:21:11 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.03 20:55:13 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus_AntiSpyware_2011.lnk [2011.04.26 12:05:43 | 000,084,355 | ---- | C] () -- C:\Documents and Settings\***\Desktop\plakat.pdf [2011.04.20 10:19:43 | 000,714,426 | ---- | C] () -- C:\Documents and Settings\***\Desktop\rjesenja.pdf [2011.04.19 12:08:54 | 000,211,820 | ---- | C] () -- C:\Documents and Settings\***\My Documents\Elektricna ograda.pdf [2011.04.14 12:05:39 | 000,714,426 | ---- | C] () -- C:\Documents and Settings\***\My Documents\rjesenja.pdf [2011.01.27 10:59:28 | 020,268,251 | ---- | C] () -- C:\Program Files\vlc-1.1.6-win32.exe [2011.01.07 10:52:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2011.01.07 10:52:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2011.01.07 10:52:34 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2011.01.07 10:52:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2011.01.07 10:52:30 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2011.01.07 10:52:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2011.01.07 10:52:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2011.01.07 10:51:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2011.01.07 10:51:23 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2011.01.05 16:40:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2011.01.04 22:12:24 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010.12.20 22:46:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.09.10 13:49:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL [2010.06.01 18:16:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.05.22 09:27:57 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\*** \Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.21 01:21:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.05.21 00:57:27 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll [2010.05.21 00:57:26 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2010.05.21 00:57:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2010.05.21 00:51:58 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2010.05.21 00:51:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2010.05.21 00:51:51 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2010.05.21 00:42:07 | 000,086,016 | ---- | C] () -- C:\WINDOWS\stk2135bsrv.exe [2010.05.21 00:41:44 | 000,522,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK1.sys [2010.05.21 00:41:44 | 000,299,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK0.sys [2010.05.21 00:41:44 | 000,173,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK.sys [2010.05.21 00:41:44 | 000,145,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK2.sys [2010.05.21 00:41:44 | 000,025,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK3.sys [2010.05.21 00:41:43 | 000,055,824 | ---- | C] () -- C:\WINDOWS\CamUnist.exe [2010.05.20 22:02:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.05.20 21:53:59 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.05.20 14:43:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.05.20 14:41:46 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.02.09 18:48:24 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml [2002.12.31 14:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.12.31 14:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.12.31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2000.10.26 03:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll < End of report > Besten Dank für jegliche Hilfe! |
|
05.05.2011, 15:39
| #2 |
| /// Malware-holic   | Kann mit keinem browser googlemail öffnen - 404 Not Found hallo,
__________________öffne avira, poste die ganzen fundmeldungen. falls es ein avira scan war, schaue unter avira, reports. falls es guard funde waren, avira, ereignisse.
__________________ |
|
05.05.2011, 20:15
| #3 |
| | Kann mit keinem browser googlemail öffnen - 404 Not Found Hi,
__________________hier die Avira Reports, beginnend mit dem Ältesten: 1. Start of the scan: 4. May 2011 20:28 Starting search for hidden objects. An ARK library instance is already running. The scan of running processes will be started Scan process 'msdtc.exe' - '49' Module(s) have been scanned Scan process 'dllhost.exe' - '58' Module(s) have been scanned Scan process 'dllhost.exe' - '51' Module(s) have been scanned Scan process 'vssvc.exe' - '44' Module(s) have been scanned Scan process 'avscan.exe' - '69' Module(s) have been scanned Scan process 'wuauclt.exe' - '40' Module(s) have been scanned Scan process 'update.exe' - '60' Module(s) have been scanned Scan process 'alg.exe' - '41' Module(s) have been scanned Scan process 'skypePM.exe' - '57' Module(s) have been scanned Scan process 'wmiprvse.exe' - '50' Module(s) have been scanned Scan process 'avscan.exe' - '72' Module(s) have been scanned Scan process 'ctfmon.exe' - '33' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '58' Module(s) have been scanned Scan process 'mscj2.exe' - '55' Module(s) have been scanned Module is infected -> <C:\Documents and Settings\***\Application Data\1561484\mscj2.exe> [DETECTION] Is the TR/Vilsel.ayjv Trojan [NOTE] Process 'mscj2.exe' was terminated [WARNING] An error has occurred and the file was not deleted. ErrorID: 26004 [WARNING] The source file could not be found. [NOTE] Attempting to perform action using the ARK library. [WARNING] The file could not be copied to quarantine! [WARNING] An exception has been identified! Scan process 'BTTray.exe' - '54' Module(s) have been scanned Scan process 'avcenter.exe' - '67' Module(s) have been scanned Scan process 'Skype.exe' - '125' Module(s) have been scanned Scan process 'ctfmon.exe' - '33' Module(s) have been scanned Scan process 'avgnt.exe' - '61' Module(s) have been scanned Scan process 'MobileConnect.exe' - '119' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '27' Module(s) have been scanned Scan process 'igfxpers.exe' - '29' Module(s) have been scanned Scan process 'hkcmd.exe' - '32' Module(s) have been scanned Scan process 'DDmService.exe' - '34' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '56' Module(s) have been scanned Scan process 'jusched.exe' - '25' Module(s) have been scanned Scan process 'winampa.exe' - '25' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '38' Module(s) have been scanned Scan process 'Reader_sl.exe' - '24' Module(s) have been scanned Scan process 'wmiprvse.exe' - '57' Module(s) have been scanned Scan process 'avshadow.exe' - '33' Module(s) have been scanned Scan process 'wuauclt.exe' - '46' Module(s) have been scanned Scan process 'Explorer.EXE' - '105' Module(s) have been scanned Scan process 'btwdins.exe' - '24' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '20' Module(s) have been scanned Scan process 'VMCService.exe' - '61' Module(s) have been scanned Scan process 'svchost.exe' - '46' Module(s) have been scanned Scan process 'RegSrvc.exe' - '33' Module(s) have been scanned Scan process 'jqs.exe' - '39' Module(s) have been scanned Scan process 'EvtEng.exe' - '85' Module(s) have been scanned Scan process 'avguard.exe' - '61' Module(s) have been scanned Scan process 'acs.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'sched.exe' - '43' Module(s) have been scanned Scan process 'spoolsv.exe' - '69' Module(s) have been scanned Scan process 'vpnagent.exe' - '69' Module(s) have been scanned Scan process 'svchost.exe' - '44' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'S24EvMon.exe' - '79' Module(s) have been scanned Scan process 'svchost.exe' - '162' Module(s) have been scanned Scan process 'svchost.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '53' Module(s) have been scanned Scan process 'lsass.exe' - '63' Module(s) have been scanned Scan process 'savedump.exe' - '34' Module(s) have been scanned Scan process 'services.exe' - '37' Module(s) have been scanned Scan process 'winlogon.exe' - '66' Module(s) have been scanned Scan process 'csrss.exe' - '11' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '301' files ). End of the scan: 4. May 2011 20:31 Used time: 02:57 Minute(s) The scan has been canceled! 0 Scanned directories 3306 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 3305 Files not concerned 0 Archives were scanned 2. Start of the scan: 4. May 2011 20:28 The scan of running processes will be started Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned Scan process 'mscj2.exe' - '1' Module(s) have been scanned Module is infected -> <C:\Documents and Settings\***\Application Data\1561484\mscj2.exe> [DETECTION] Is the TR/Vilsel.ayjv Trojan Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'DDmService.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'Reader_sl.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned Scan process 'VMCService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vpnagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'savedump.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe' The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> was removed successfully. The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> was removed successfully. C:\Documents and Settings\***\Application Data\1561484\mscj2.exe [DETECTION] Is the TR/Vilsel.ayjv Trojan [NOTE] The file was moved to the quarantine directory under the name '54d91f51.qua'. The repair notes were written to the file 'C:\avrescue\rescue.avp'. End of the scan: 4. May 2011 20:36 Used time: 01:59 Minute(s) The scan has been done completely. 0 Scanned directories 52 Files were scanned 2 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 50 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard. 3. Start of the scan: 4. May 2011 21:02 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'plugin-container.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'msdtc.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'vssvc.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'DDmService.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned Scan process 'VMCService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vpnagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe' C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4caf0243.qua'. End of the scan: 4. May 2011 21:02 Used time: 00:13 Minute(s) The scan has been done completely. 0 Scanned directories 56 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 55 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard. 4. Start of the scan: 4. May 2011 21:39 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'plugin-container.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'msdtc.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'DDmService.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned Scan process 'VMCService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vpnagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe' C:\Documents and Settings\***\My Documents\Downloads\Setup.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware [NOTE] The file was moved to the quarantine directory under the name '4cbe0a83.qua'. End of the scan: 4. May 2011 21:39 Used time: 00:11 Minute(s) The scan has been done completely. 0 Scanned directories 53 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 52 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard. 5. Start of the scan: 4. May 2011 20:40 Starting search for hidden objects. The scan of running processes will be started Scan process 'plugin-container.exe' - '65' Module(s) have been scanned Scan process 'firefox.exe' - '128' Module(s) have been scanned Scan process 'msdtc.exe' - '49' Module(s) have been scanned Scan process 'dllhost.exe' - '66' Module(s) have been scanned Scan process 'dllhost.exe' - '54' Module(s) have been scanned Scan process 'vssvc.exe' - '54' Module(s) have been scanned Scan process 'avscan.exe' - '78' Module(s) have been scanned Scan process 'alg.exe' - '41' Module(s) have been scanned Scan process 'wuauclt.exe' - '40' Module(s) have been scanned Scan process 'skypePM.exe' - '57' Module(s) have been scanned Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '58' Module(s) have been scanned Scan process 'BTTray.exe' - '54' Module(s) have been scanned Scan process 'Skype.exe' - '125' Module(s) have been scanned Scan process 'ctfmon.exe' - '33' Module(s) have been scanned Scan process 'avgnt.exe' - '53' Module(s) have been scanned Scan process 'MobileConnect.exe' - '119' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '27' Module(s) have been scanned Scan process 'igfxpers.exe' - '29' Module(s) have been scanned Scan process 'hkcmd.exe' - '32' Module(s) have been scanned Scan process 'DDmService.exe' - '34' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '52' Module(s) have been scanned Scan process 'jusched.exe' - '25' Module(s) have been scanned Scan process 'winampa.exe' - '25' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '38' Module(s) have been scanned Scan process 'btwdins.exe' - '24' Module(s) have been scanned Scan process 'wmiprvse.exe' - '53' Module(s) have been scanned Scan process 'Explorer.EXE' - '88' Module(s) have been scanned Scan process 'avshadow.exe' - '33' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '20' Module(s) have been scanned Scan process 'VMCService.exe' - '61' Module(s) have been scanned Scan process 'svchost.exe' - '45' Module(s) have been scanned Scan process 'RegSrvc.exe' - '33' Module(s) have been scanned Scan process 'jqs.exe' - '39' Module(s) have been scanned Scan process 'EvtEng.exe' - '85' Module(s) have been scanned Scan process 'avguard.exe' - '60' Module(s) have been scanned Scan process 'acs.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'sched.exe' - '43' Module(s) have been scanned Scan process 'spoolsv.exe' - '69' Module(s) have been scanned Scan process 'vpnagent.exe' - '69' Module(s) have been scanned Scan process 'svchost.exe' - '44' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'S24EvMon.exe' - '79' Module(s) have been scanned Scan process 'svchost.exe' - '159' Module(s) have been scanned Scan process 'svchost.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '53' Module(s) have been scanned Scan process 'lsass.exe' - '63' Module(s) have been scanned Scan process 'services.exe' - '37' Module(s) have been scanned Scan process 'winlogon.exe' - '66' Module(s) have been scanned Scan process 'csrss.exe' - '11' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan The registry was scanned ( '410' files ). Starting the file scan: Begin scan in 'C:\' C:\Documents and Settings\***\Application Data\1561484\bbzzkzz18.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\24\604aca18-27d5d440 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus --> google/stomp.class [DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\385f7636-4bd16492 [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BE.2 Java virus C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\61b14836-197a8946 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus --> folder/Ump_45.class [DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus C:\Documents and Settings\***\My Documents\Downloads\Setup.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP94\A0108165.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan Beginning disinfection: C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP94\A0108165.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '47291d54.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\My Documents\Downloads\Setup.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware [WARNING] The file could not be copied to the quarantine directory. [WARNING] The source file could not be found. [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\61b14836-197a8946 [DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus [NOTE] A backup was created as '5c6f32f5.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\385f7636-4bd16492 [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BE.2 Java virus [NOTE] A backup was created as '0de56814.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\24\604aca18-27d5d440 [DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus [NOTE] A backup was created as '6bd127de.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] A backup was created as '2d840abd.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [WARNING] The file could not be copied to the quarantine directory. [WARNING] The source file could not be found. [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\1561484\bbzzkzz18.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '528038d2.qua' ( QUARANTINE ) [NOTE] The file was deleted! The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> was removed successfully. C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus_AntiSpyware_2011> was removed successfully. [NOTE] A backup was created as '1e361483.qua' ( QUARANTINE ) [NOTE] The file was deleted! End of the scan: 4. May 2011 22:39 Used time: 1:56:02 Hour(s) The scan has been done completely. 7994 Scanned directories 879467 Files were scanned 10 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 9 files were deleted 0 Viruses and unwanted programs were repaired 7 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 879457 Files not concerned 11185 Archives were scanned 2 Warnings 9 Notes 381721 Objects were scanned with rootkit scan 0 Hidden objects were found 6. Start of the scan: 5. May 2011 08:38 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'jucheck.exe' - '1' Module(s) have been scanned Scan process 'plugin-container.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'AAWTray.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned Scan process 'VMCService.exe' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'DDmService.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'AAWService.exe' - '1' Module(s) have been scanned Scan process 'vpnagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108176.exe' C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108176.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4fa6e771.qua'. End of the scan: 5. May 2011 08:38 Used time: 00:08 Minute(s) The scan has been done completely. 0 Scanned directories 52 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 51 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard. 7. Start of the scan: 5. May 2011 11:40 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned Scan process 'Adobe_Updater.exe' - '1' Module(s) have been scanned Scan process 'Ad-Aware.exe' - '1' Module(s) have been scanned Scan process 'jucheck.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'AAWTray.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'VMCService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'AAWService.exe' - '1' Module(s) have been scanned Scan process 'vpnagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108177.exe' C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108177.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4fa6d1d0.qua'. Begin scan in 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108178.exe' C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108178.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '5731fe77.qua'. End of the scan: 5. May 2011 11:40 Used time: 00:16 Minute(s) The scan has been done completely. 0 Scanned directories 54 Files were scanned 2 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 2 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 52 Files not concerned 0 Archives were scanned 0 Warnings 2 Notes The scan results will be transferred to the Guard. Hier die Avira Ereignisse, wieder beginnend mit dem Ältesten: Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access Virus or unwanted program 'TR/Vilsel.ayjv [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe. Action performed: Deny access The file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe' contained a virus or unwanted program 'TR/Vilsel.ayjv' [trojan] Action(s) taken: The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj2> could not be removed. An error has occurred and the file was not deleted. ErrorID: 26003. The file could not be deleted! Attempting to perform action using the ARK library. The file was moved to the quarantine directory under the name '54d91f51.qua'. The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj2> could not be removed. Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe. Action performed: Deny access Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe. Action performed: Deny access The file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '4caf0243.qua'. Virus or unwanted program 'ADSPY/AdSpy.Gen2 [adware]' detected in file 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe. Action performed: Deny access The file 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe' contained a virus or unwanted program 'ADSPY/AdSpy.Gen2' [adware] Action(s) taken: The file was moved to the quarantine directory under the name '4cbe0a83.qua'. The file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP94\A0108165.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: A backup was created as '47291d54.qua' ( QUARANTINE ). The file was deleted! The file 'C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\385f7636-4bd16492' contained a virus or unwanted program 'JAVA/Exdoer.BE.2' [virus] Action(s) taken: A backup was created as '0de56814.qua' ( QUARANTINE ). The file was deleted! The file 'C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\24\604aca18-27d5d440' contained a virus or unwanted program 'JAVA/MundGura.D' [virus] Action(s) taken: A backup was created as '6bd127de.qua' ( QUARANTINE ). The file was deleted! The file 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe' contained a virus or unwanted program 'ADSPY/AdSpy.Gen2' [adware] Action(s) taken: The file could not be copied to the quarantine directory. The source file could not be found. The file was deleted! The file 'C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\61b14836-197a8946' contained a virus or unwanted program 'JAVA/Rast.A' [virus] Action(s) taken: A backup was created as '5c6f32f5.qua' ( QUARANTINE ). The file was deleted! The file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file could not be copied to the quarantine directory. The source file could not be found. The file was deleted! The file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe' contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan] Action(s) taken: A backup was created as '2d840abd.qua' ( QUARANTINE ). The file was deleted! The file 'C:\Documents and Settings\***\Application Data\1561484\bbzzkzz18.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: A backup was created as '528038d2.qua' ( QUARANTINE ). The file was deleted! The file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus_AntiSpyware_2011> was removed successfully. A backup was created as '1e361483.qua' ( QUARANTINE ). The file was deleted! Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]' detected in file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108176.exe. Action performed: Deny access The file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108176.exe' contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '4fa6e771.qua'. Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108177.exe. Action performed: Deny access Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108178.exe. Action performed: Deny access The file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108177.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '4fa6d1d0.qua'. The file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108178.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '5731fe77.qua'. |
|
05.05.2011, 20:26
| #4 |
| /// Malware-holic | Kann mit keinem browser googlemail öffnen - 404 Not Found warum ist avira bei dir auf englisch :-) Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.05.2011, 21:07
| #5 |
| | Kann mit keinem browser googlemail öffnen - 404 Not Found Is doch klar mann, weil ich hier voll cool rüberkommen will  Vielen Dank schon mal für Deine Hilfe! Hier also der OTL-File:OTL Logfile: Code:
ATTFilter OTL logfile created on: 5.5.2011 21:51:25 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000041A | Country: *** | Language: HRV | Date Format: d.M.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 151,01 Gb Free Space | 64,85% Space Free | Partition Type: NTFS Computer Name: R2D2 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Documents and Settings\***\Local Settings\Temp\{29A1889A-AC4C-461A-B5AB-1D459ECA1EBF}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe () PRC - C:\WINDOWS\system32\acs.exe (Atheros) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.) MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (XYNTService) -- C:\Documents and Settings\***\Local Settings\Temp\{29A1889A-AC4C-461A-B5AB-1D459ECA1EBF}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe () SRV - (acs) -- C:\WINDOWS\system32\acs.exe (Atheros) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (DCamUSBGene) -- C:\WINDOWS\system32\drivers\USBSTK.sys () DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.) DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-117609710-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.hr/ IE - HKU\S-1-5-21-117609710-1993962763-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.25 00:16:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.25 00:16:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.04 22:46:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 22:46:32 | 000,000,000 | ---D | M] [2010.06.01 18:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Extensions [2011.05.05 20:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\wd2x791w.default\extensions [2010.07.25 20:31:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\wd2x791w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.10 23:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\wd2x791w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2011.05.05 20:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.02.18 14:02:07 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.05.05 12:25:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.12.25 00:16:29 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2010.12.25 00:16:29 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2010.07.07 11:40:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll O1 HOSTS File: ([2011.01.07 11:34:20 | 000,000,984 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 213.175.216.204 google.com www.google.com O1 - Hosts: 213.175.216.205 mail.google.com O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKU\S-1-5-21-117609710-1993962763-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-117609710-1993962763-839522115-1003..\Run: [mscj2] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-117609710-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.05.20 21:57:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{8999d418-6756-11df-87cf-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{8999d418-6756-11df-87cf-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8999d418-6756-11df-87cf-001fe2e62a20}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{a9e3bd4c-6463-11df-87c4-0016ead7c7d4}\Shell - "" = AutoRun O33 - MountPoints2\{a9e3bd4c-6463-11df-87c4-0016ead7c7d4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a9e3bd4c-6463-11df-87c4-0016ead7c7d4}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{b444c885-682f-11df-87d1-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{b444c885-682f-11df-87d1-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b444c885-682f-11df-87d1-001fe2e62a20}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{b444c886-682f-11df-87d1-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{b444c886-682f-11df-87d1-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b444c886-682f-11df-87d1-001fe2e62a20}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{c3f7577f-2332-11e0-890d-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{c3f7577f-2332-11e0-890d-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c3f7577f-2332-11e0-890d-001fe2e62a20}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{f83ba03f-828c-11df-8819-001fe2e62a20}\Shell - "" = AutoRun O33 - MountPoints2\{f83ba03f-828c-11df-8819-001fe2e62a20}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f83ba03f-828c-11df-8819-001fe2e62a20}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - Service SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1FD8ED71-1A9E-7373-8EFE-92642CA9E2B9} - NetShow ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8AC7ABE3-B60B-71F8-3FB6-750453DEBBB4} - Internet Explorer ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9E2041D7-C2AF-D758-DC55-A11CB6AFA7D0} - Themes Setup ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (55182706186649600) ========== Files/Folders - Created Within 30 Days ========== [2011.05.05 13:21:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe [2011.05.05 12:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.05.05 12:25:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.05.05 12:25:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.05.05 12:25:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011.05.05 08:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011.05.04 23:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2011.05.04 22:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2011.05.04 22:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Local Settings\Application Data\Opera [2011.05.04 22:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Opera [2011.05.04 22:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011.05.04 22:04:17 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011.05.04 21:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2011.05.04 21:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.05.04 21:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2011.05.04 21:41:52 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011.05.04 21:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2011.05.04 21:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft [2011.05.04 21:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2011.05.04 20:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Avira [2011.05.04 20:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira [2011.05.04 20:20:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011.05.04 20:20:40 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.05.04 20:20:40 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.05.04 20:20:40 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2011.05.04 20:20:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2011.05.04 20:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.05.04 20:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2011.05.03 20:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011 [2011.05.03 20:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\1561484 [2011.04.13 09:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\My Documents\DW1 [9 C:\Documents and Settings\***\Desktop\*.tmp files -> C:\Documents and Settings\***\Desktop\*.tmp -> ] [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\***\My Documents\*.tmp files -> C:\Documents and Settings\***\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.05 21:46:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe [2011.05.05 21:43:15 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.05.05 21:42:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.05 15:34:00 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-839522115-1003UA.job [2011.05.05 14:09:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2011.05.05 08:34:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-839522115-1003Core.job [2011.05.04 22:13:00 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2011.05.04 22:06:36 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Shortcut to IEXPLORE.lnk [2011.05.04 22:04:16 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011.05.04 22:04:14 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011.05.04 21:42:06 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011.05.04 20:21:11 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.04 18:32:45 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011.05.04 18:32:44 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Google Chrome.lnk [2011.05.03 20:55:14 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus_AntiSpyware_2011.lnk [2011.05.02 16:29:35 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for ***.job [2011.04.29 21:57:42 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011.04.27 21:30:31 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.27 21:30:31 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.26 12:05:43 | 000,084,355 | ---- | M] () -- C:\Documents and Settings\***\Desktop\plakat.pdf [2011.04.26 08:30:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.20 10:19:43 | 000,714,426 | ---- | M] () -- C:\Documents and Settings\***\Desktop\rjesenja.pdf [2011.04.19 12:08:54 | 000,211,820 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Elektricna ograda.pdf [2011.04.14 12:05:39 | 000,714,426 | ---- | M] () -- C:\Documents and Settings\***\My Documents\rjesenja.pdf [9 C:\Documents and Settings\***\Desktop\*.tmp files -> C:\Documents and Settings\***\Desktop\*.tmp -> ] [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\***\My Documents\*.tmp files -> C:\Documents and Settings\***\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.05 12:09:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011.05.04 22:13:00 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2011.05.04 22:13:00 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk [2011.05.04 22:06:36 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Shortcut to IEXPLORE.lnk [2011.05.04 21:42:13 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.05.04 21:42:06 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011.05.04 20:21:11 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.03 20:55:13 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus_AntiSpyware_2011.lnk [2011.04.26 12:05:43 | 000,084,355 | ---- | C] () -- C:\Documents and Settings\***\Desktop\plakat.pdf [2011.04.20 10:19:43 | 000,714,426 | ---- | C] () -- C:\Documents and Settings\***\Desktop\rjesenja.pdf [2011.04.19 12:08:54 | 000,211,820 | ---- | C] () -- C:\Documents and Settings\***\My Documents\Elektricna ograda.pdf [2011.04.14 12:05:39 | 000,714,426 | ---- | C] () -- C:\Documents and Settings\***\My Documents\rjesenja.pdf [2011.01.27 10:59:28 | 020,268,251 | ---- | C] () -- C:\Program Files\vlc-1.1.6-win32.exe [2011.01.07 10:52:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2011.01.07 10:52:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2011.01.07 10:52:34 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2011.01.07 10:52:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2011.01.07 10:52:30 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2011.01.07 10:52:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2011.01.07 10:52:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2011.01.07 10:51:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2011.01.07 10:51:23 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2011.01.05 16:40:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2011.01.04 22:12:24 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010.12.20 22:46:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.09.10 13:49:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL [2010.06.01 18:16:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.05.22 09:27:57 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.21 01:21:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.05.21 00:57:27 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll [2010.05.21 00:57:26 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2010.05.21 00:57:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2010.05.21 00:51:58 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2010.05.21 00:51:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2010.05.21 00:51:51 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2010.05.21 00:42:07 | 000,086,016 | ---- | C] () -- C:\WINDOWS\stk2135bsrv.exe [2010.05.21 00:41:44 | 000,522,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK1.sys [2010.05.21 00:41:44 | 000,299,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK0.sys [2010.05.21 00:41:44 | 000,173,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK.sys [2010.05.21 00:41:44 | 000,145,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK2.sys [2010.05.21 00:41:44 | 000,025,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTK3.sys [2010.05.21 00:41:43 | 000,055,824 | ---- | C] () -- C:\WINDOWS\CamUnist.exe [2010.05.20 22:02:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.05.20 21:53:59 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.05.20 14:43:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.05.20 14:41:46 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.02.09 18:48:24 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml [2002.12.31 14:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.12.31 14:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.12.31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2000.10.26 03:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll ========== LOP Check ========== [2010.05.22 09:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2010.08.24 15:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco [2010.05.21 01:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo [2010.12.11 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel [2011.01.14 11:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone [2010.12.05 10:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone(2) [2010.06.17 12:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Azureus [2011.02.04 23:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CheckPoint [2010.05.26 02:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Vodafone [2010.10.08 13:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\XSManager [2010.05.24 19:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone [2010.05.21 02:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\XSManager [2011.05.04 22:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\1561484 [2011.05.04 22:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011 [2011.04.18 13:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Azureus [2010.12.22 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\BESTplayer [2011.01.05 16:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CheckPoint [2010.12.12 16:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Eclipse [2010.12.25 00:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Local [2010.10.04 17:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\MapInfo [2011.05.04 22:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Opera [2010.12.23 14:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Raptr [2011.01.05 13:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Tific [2010.05.24 19:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Vodafone [2010.10.08 13:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\XSManager(2) [2010.10.10 09:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\XSManager(3) [2011.05.05 21:43:15 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2010.05.21 01:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2010.05.21 00:57:28 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros [2011.05.04 20:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2010.05.22 09:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2010.08.24 15:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco [2010.12.25 00:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX [2010.05.21 01:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2010.12.25 11:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2010.05.24 19:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2010.05.21 01:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel [2011.05.04 21:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010.05.21 01:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo [2010.12.23 14:54:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2011.04.18 08:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2011.05.04 20:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton [2011.01.07 11:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2010.12.11 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel [2010.12.24 10:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2011.05.04 21:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010.07.07 11:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010.07.26 22:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2011.01.14 11:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone [2010.12.05 10:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone(2) < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2010.12.25 00:15:32 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe [2010.12.25 00:15:36 | 000,057,591 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe [2010.12.25 00:15:43 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Converter\Uninstaller.exe [2010.12.25 00:15:44 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe [2010.12.25 00:15:46 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe [2010.12.25 00:16:32 | 000,064,957 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe [2010.12.25 00:15:45 | 000,054,174 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe [2010.12.25 00:15:46 | 000,057,532 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe [2010.12.25 00:15:47 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe [2010.12.25 00:15:47 | 000,057,054 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe [2010.12.25 00:15:37 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe [2010.12.25 00:15:30 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe [2010.12.25 00:15:31 | 000,062,952 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\OVSHelper\Uninstaller.exe [2010.12.25 00:16:28 | 000,057,736 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Player\Uninstaller.exe [2010.12.25 00:15:36 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe [2010.12.25 00:13:21 | 000,903,520 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe [2010.12.25 00:15:41 | 000,054,644 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe [2010.12.25 00:15:53 | 000,084,038 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe [2010.12.25 00:16:28 | 000,061,792 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe [2010.12.25 00:16:32 | 000,066,282 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe [2011.05.02 17:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe [2011.05.02 17:14:11 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe [2011.05.02 17:14:06 | 001,896,192 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe [2011.05.02 17:14:10 | 001,744,312 | ---- | M] (Lavasoft Limited ) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe [2011.05.04 22:04:11 | 001,252,520 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe [2011.05.04 22:04:11 | 000,658,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe [2011.05.04 22:04:14 | 000,016,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe [2011.05.04 22:04:15 | 001,159,232 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe < %APPDATA%\*. > [2011.05.04 22:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\1561484 [2010.05.21 01:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Adobe [2011.05.04 22:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011 [2011.05.04 20:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Avira [2011.04.18 13:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Azureus [2010.12.22 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\BESTplayer [2011.01.05 16:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CheckPoint [2010.12.25 18:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\DivX [2011.01.19 18:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\dvdcss [2010.12.12 16:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Eclipse [2010.05.20 22:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Identities [2010.05.21 00:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\InstallShield [2010.05.21 01:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Intel [2010.12.25 00:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Local [2010.05.21 17:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Macromedia [2010.10.04 17:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\MapInfo [2011.02.15 22:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Media Player Classic [2011.01.08 18:41:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\***\Application Data\Microsoft [2010.06.01 18:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mozilla [2011.05.04 22:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Opera [2010.12.23 14:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Raptr [2011.05.05 21:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Skype [2011.05.05 21:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\skypePM [2010.07.07 11:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Sun [2011.01.05 13:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Tific [2011.02.14 00:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\vlc [2010.05.24 19:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Vodafone [2010.07.02 23:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Winamp [2010.10.08 13:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\XSManager(2) [2010.10.10 09:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\XSManager(3) < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys [2006.11.20 12:57:37 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll [2004.08.04 03:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004.08.04 03:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe [2006.11.20 12:48:45 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=42D32722B805D7DF42D30487A0BCBD78 -- C:\WINDOWS\explorer.exe [2006.11.20 12:48:45 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=42D32722B805D7DF42D30487A0BCBD78 -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IASTOR.SYS > [2010.06.29 00:15:22 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\NLDRV\001\iastor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll [2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll [2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 03:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.04 03:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll [2004.08.04 03:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll < MD5 for: USER32.DLL > [2006.11.20 12:50:12 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\system32\dllcache\user32.dll [2006.11.20 12:50:12 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\system32\user32.dll [2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll < MD5 for: USERINIT.EXE > [2004.08.04 03:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe [2004.08.04 03:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe [2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 03:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004.08.04 03:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe [2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.01.07 12:00:34 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2011.01.07 10:54:31 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav [2011.01.07 12:00:34 | 028,049,408 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2011.01.07 12:00:34 | 008,388,608 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.04.16 17:20:18 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2010.04.16 17:20:18 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2010.04.16 17:20:18 | 000,251,904 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Hier der Extras.Txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 5.5.2011 21:51:25 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041A | Country: *** | Language: HRV | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 151,01 Gb Free Space | 64,85% Space Free | Partition Type: NTFS
Computer Name: R2D2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-117609710-1993962763-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{061A431C-86E7-4DB4-92B8-36DE783865CF}" = Integrated Camera
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2ACF3993-A0E7-4374-B926-68EA1FAE8A88}" = MapInfo Professional 10.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"jose-chess" = jose
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.10.2092" = Opera 11.10
"PowerISO" = PowerISO
"ProInst" = Intel PROSet Wireless
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Winmail Reader_is1" = Winmail Reader 1.1.12
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-117609710-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AntiVirus_AntiSpyware_2011" = AntiVirus_AntiSpyware_2011
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3.5.2011 14:30:38 | Computer Name = R2D2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 3.5.2011 15:20:00 | Computer Name = R2D2 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.
Error - 3.5.2011 15:22:33 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3.5.2011 15:22:55 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4.5.2011 12:26:54 | Computer Name = R2D2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash10e.ocx, version 10.0.45.2, fault address 0x000474bc.
Error - 4.5.2011 14:32:00 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6545.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4.5.2011 14:32:07 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6545.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 5.5.2011 6:27:28 | Computer Name = R2D2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2894, faulting
module shell32.dll, version 6.0.2900.3402, fault address 0x0002b166.
Error - 5.5.2011 6:27:36 | Computer Name = R2D2 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 5.5.2011 8:09:02 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 5.1.0.112, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ Application Events ]
Error - 3.5.2011 14:30:38 | Computer Name = R2D2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 3.5.2011 15:20:00 | Computer Name = R2D2 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.
Error - 3.5.2011 15:22:33 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3.5.2011 15:22:55 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4.5.2011 12:26:54 | Computer Name = R2D2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash10e.ocx, version 10.0.45.2, fault address 0x000474bc.
Error - 4.5.2011 14:32:00 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6545.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4.5.2011 14:32:07 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6545.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 5.5.2011 6:27:28 | Computer Name = R2D2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2894, faulting
module shell32.dll, version 6.0.2900.3402, fault address 0x0002b166.
Error - 5.5.2011 6:27:36 | Computer Name = R2D2 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 5.5.2011 8:09:02 | Computer Name = R2D2 | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 5.1.0.112, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 5.5.2011 3:35:57 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 3:41:32 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 6:15:46 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 6:21:48 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 6:38:37 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 6:44:16 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 10:03:26 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 10:08:49 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 15:25:16 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
Error - 5.5.2011 15:30:49 | Computer Name = R2D2 | Source = Windows Update Agent | ID = 20
Description =
< End of report >
|
|
06.05.2011, 11:34
| #6 |
| /// Malware-holic | Kann mit keinem browser googlemail öffnen - 404 Not Found • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL :Files :Commands [purity] [EMPTYFLASH] [resethosts] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ --> Kann mit keinem browser googlemail öffnen - 404 Not Found |
|
06.05.2011, 12:05
| #7 |
| | Kann mit keinem browser googlemail öffnen - 404 Not Found Hi markusg, super!!! Jetzt geht's! Du kennst Dich wirklich aus. Würd' mich jetzt nur noch kurz interessieren, woran's letztendlich lag.. Virus? Wenn ja, was hat der verändert? |
|
06.05.2011, 14:38
| #8 |
| /// Malware-holic | Kann mit keinem browser googlemail öffnen - 404 Not Found ja ich weis, aber wo ist das log? es war eine enderung in der hosts datei. wir müssen noch weiter prüfen ob wir den schuldigen finden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.05.2011, 20:22
| #9 |
| | Kann mit keinem browser googlemail öffnen - 404 Not Found Hier ist sie: All processes killed ========== OTL ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: *** ->Flash cache emptied: 5067 bytes User: Default User User: LocalService User: NetworkService User: *** ->Flash cache emptied: 5846 bytes Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: *** ->Temp folder emptied: 10970598 bytes ->Temporary Internet Files folder emptied: 17149911 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 87848287 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 2976168 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 1985912 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: *** ->Temp folder emptied: 24335334 bytes ->Temporary Internet Files folder emptied: 36590765 bytes ->Java cache emptied: 758087 bytes ->FireFox cache emptied: 139459304 bytes ->Google Chrome cache emptied: 392714701 bytes ->Opera cache emptied: 468450 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2142714 bytes %systemroot%\System32 .tmp files removed: 348689 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1093817 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64721900 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 747,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05062011_125417 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
07.05.2011, 15:58
| #10 |
| /// Malware-holic | Kann mit keinem browser googlemail öffnen - 404 Not Found bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.05.2011, 20:02
| #11 |
| | Kann mit keinem browser googlemail öffnen - 404 Not Found Hier ist der combofix log: Combofix Logfile: Code:
ATTFilter ComboFix 11-05-06.05 - *** 07.05.2011 20:43:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2013.1409 [GMT 2:00]
Running from: c:\documents and settings\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\***\Application Data\Local
c:\documents and settings\***\Application Data\Local\Temp\DDM\Settings\.ddr
c:\documents and settings\***\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\***\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\***\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\windows\system\WINSPOOL.DRV
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-06 19:34 . 2011-05-06 19:34 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 19:34 . 2011-05-06 19:34 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 19:34 . 2011-05-06 19:34 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 19:34 . 2011-05-06 19:34 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 19:34 . 2011-05-06 19:34 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 19:34 . 2011-05-06 19:34 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 19:34 . 2011-05-06 19:34 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 19:34 . 2011-05-06 19:34 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 10:54 . 2011-05-06 10:54 -------- d-----w- C:\_OTL
2011-05-05 21:09 . 2011-05-05 21:09 -------- d-----w- c:\documents and settings\***\Application Data\SUPERAntiSpyware.com
2011-05-05 21:09 . 2011-05-05 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-05 21:09 . 2011-05-06 11:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-05 10:26 . 2011-05-05 10:26 -------- d-----w- c:\program files\Common Files\Java
2011-05-05 06:07 . 2011-05-05 06:07 -------- d-----w- c:\windows\Internet Logs
2011-05-04 21:04 . 2011-05-04 21:04 -------- d-----w- c:\program files\MSXML 6.0
2011-05-04 20:13 . 2011-05-04 20:13 -------- d-----w- c:\documents and settings\***\Local Settings\Application Data\Opera
2011-05-04 20:12 . 2011-05-04 20:13 -------- d-----w- c:\program files\Opera
2011-05-04 20:04 . 2011-05-04 20:04 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-04 19:44 . 2011-05-04 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-04 19:44 . 2011-05-04 19:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-04 19:41 . 2011-05-07 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-04 19:41 . 2011-05-04 19:41 -------- d-----w- c:\program files\Lavasoft
2011-05-04 18:26 . 2011-05-04 18:26 -------- d-----w- c:\documents and settings\***\Application Data\Avira
2011-05-04 18:20 . 2011-04-01 15:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-04 18:20 . 2011-04-01 15:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-04 18:20 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-04 18:20 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-04 18:20 . 2011-05-04 18:20 -------- d-----w- c:\program files\Avira
2011-05-04 18:20 . 2011-05-04 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-03 18:55 . 2011-05-04 20:39 -------- d-----w- c:\documents and settings\***\Application Data\AntiVirus_AntiSpyware_2011
2011-05-03 18:54 . 2011-05-04 20:39 -------- d-----w- c:\documents and settings\***\Application Data\1561484
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 09:06 . 2011-01-27 08:59 20268251 ----a-w- c:\program files\vlc-1.1.6-win32.exe
2011-05-06 19:34 . 2011-05-06 19:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2010-06-28 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-06 2424192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-2-10 604776]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.5.2011 20:20 136360]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13.3.2008 20:08 24576]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [16.8.2010 20:16 583360]
R3 DCamUSBGene;Integrated Camera;c:\windows\system32\drivers\USBSTK.sys [21.5.2010 0:41 173584]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [21.5.2010 0:52 108032]
S2 XYNTService;XYNTService;c:\docume~1\***\LOCALS~1\Temp\{29A1889A-AC4C-461A-B5AB-1D459ECA1EBF}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe --> c:\docume~1\***\LOCALS~1\Temp\{29A1889A-AC4C-461A-B5AB-1D459ECA1EBF}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-839522115-1003Core.job
- c:\documents and settings\***\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-21 10:24]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-839522115-1003UA.job
- c:\documents and settings\***\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-21 10:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\***\Application Data\Mozilla\Firefox\Profiles\wd2x791w.default\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-mscj2 - c:\documents and settings\***\application data\1561484\mscj2.exe
AddRemove-{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1 - c:\documents and settings\***\Local Settings\Temp\mpc_6490+_2kXP_cze\unins000.exe
AddRemove-AntiVirus_AntiSpyware_2011 - c:\documents and settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-07 20:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1556)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1048)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2011-05-07 20:59:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-07 18:59
.
Pre-Run: 162.338.869.248 bytes free
Post-Run: 162.354.552.832 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0B36D3DD37A97E94435191F9A7FAFFFF
|
|
08.05.2011, 10:39
| #12 |
| /// Malware-holic | Kann mit keinem browser googlemail öffnen - 404 Not Found lade den CCleaner slim: Piriform - Builds falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.05.2011, 20:04
| #13 |
| | Kann mit keinem browser googlemail öffnen - 404 Not Found Puh, jetzt wird's richtig spannend. Leider konnte ich Deinen Anweisung nicht folgen, da ein neues Problem aufgetreten ist: Nach dem Starten wird die Taskleiste unten geladen, jedoch bleibt der Desktop schwarz. Es sind weder Programme noch jegliche Dateien zu finden. Es kommt folgende Fehlermeldung: "The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended that you restart the system". Auch nach Neustart erscheint erneut dasselbe Problem und diesselbe Meldung. Zusätzlich war auf dem Desktop nach dem Neustart eine Meldung von Avira zu finden. "TR/Kazy-mekml.1" detected. Was nun? |
|
09.05.2011, 20:06
| #14 |
| | Kann mit keinem browser googlemail öffnen - 404 Not Found Unten rechts war zu lesen: "Critical Error Windows can't find hard disk space. Hard drive error" |
|
09.05.2011, 20:31
| #15 |
| | Kann mit keinem browser googlemail öffnen - 404 Not Found Genau, ist das Problem mit "Windows Recovery"... Ist es überhaupt sinnvoll hier noch was zu machen? Oder lieber gleich neu formatieren? Wenn ja, was beachten? |
|
| Themen zu Kann mit keinem browser googlemail öffnen - 404 Not Found |
| ad-aware, adware, antispyware, antivir, avgntflt.sys, avira, bho, browser, explorer, fehlermeldung, firefox, format, found, google, googlemail, launch, location, log-file, logfile, monitor, mozilla, object, oldtimer, opera, plug-in, port, poweriso, realtek, registry, scan, sched.exe, security scan, shortcut, software, start menu, system, temp, vodafone, öffnen |
Linear-Darstellung
