tanatos.m virus and maybe more? [Solved]


This topic is locked

#1 Kudram (New Member, 9 posts)
Hello, I hope you can help me with this here.
I think there is at least one virus on my laptop; maybe it is gone now, after I did all the steps in the Guide that I was able to do.
I can now access the Task Manager again; I could not do that before I ran MBAM. It removed some things, thanks for that! But I guess it's not over yet.
Other programs still do not work. These include the antivirus programs.
AntiVir and Avast I could not even install (I tried a few days ago; maybe it works now, after the MBAM thing). AVG I was able to install and run. It found viruses everywhere and said it was mostly the Tanatos.M virus, but in between there was another unknown virus. It gave so many messages that I could not do much else; some of the found viruses it could heal, only to find them again, others it could not heal at all. AVG was only running the first day; the next day it did not start any more, and it does not now. There comes an error message (which comes more and more from other programs too) that says that I maybe don't have the rights to access this program.
So at the moment I am without an antivirus program. I can not uninstall AVG; I don't know what to do about it.
There is a new folder coming up on the desktop. When I remove it, it will appear again after some time.
Some programs I can't start; they seem to try to start, but then just close, like the installations of the antivirus programs. Others give error messages or crash.
Someone found two viruses on my MP3 stick, which probably came from my laptop.


Malwarebytes' Anti-Malware 1.42
Database version: 3324
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/12/2009 10:19:23 PM
mbam-log-2009-12-08 (22-19-23).txt

Scan type: Quick scan
Objects scanned: 105154
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/08 22:30
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5CDC000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A70000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF2A53000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


OTL logfile created on: 8/12/2009 10:34:56 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Dokumente und Einstellungen\nina_2\Desktop\Neuer Ordner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

510.98 Mb Total Physical Memory | 139.16 Mb Available Physical Memory | 27.23% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.38% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.25 Gb Total Space | 4.45 Gb Free Space | 11.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OTTO
Current User Name: nina_2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/08 22:32:38 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\nina_2\Desktop\Neuer Ordner\OTL.exe
PRC - [2009/12/01 00:53:01 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/01 00:53:00 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2009/12/01 00:52:59 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2009/12/01 00:52:58 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/01 00:52:27 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgam.exe
PRC - [2009/12/01 00:52:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2008/12/19 02:59:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 03:22:45 | 01,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/07 12:22:00 | 00,073,728 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/11/10 13:06:24 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2009/12/08 22:32:38 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\nina_2\Desktop\Neuer Ordner\OTL.exe
MOD - [2002/11/06 18:00:38 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\system32\Syncor11.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/01 00:52:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2006/11/03 08:56:28 | 00,998,400 | ---- | M] () -- C:\Programme\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/03 23:41:10 | 00,147,456 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/04/07 12:22:00 | 00,073,728 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/11/10 13:06:24 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2003/11/08 02:01:14 | 00,278,528 | ---- | M] (HP) -- C:\WINDOWS\system32\hpdj -- (hpdj)
SRV - [2002/09/20 14:50:10 | 00,118,784 | ---- | M] () -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.wikipedia.org/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: avg@igeared:2.710.016.005
FF - prefs.js..keyword.URL: "http://search.icq.co...?ch_id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2009/12/01 00:52:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/01 00:53:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009/01/18 15:10:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009/11/22 01:29:14 | 00,000,000 | ---D | M]

[2008/10/09 18:39:37 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Mozilla\Extensions
[2009/12/07 23:50:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Mozilla\Firefox\Profiles\kzcoztuj.default\extensions
[2009/10/05 18:53:32 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/11/21 17:40:59 | 00,000,759 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F4D76F09-7896-458A-890F-E1F05C46069F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe ()
O4 - HKLM..\Run: [Arcor Online] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe ()
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe ()
O4 - HKLM..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DW6] C:\Programme\The Weather Channel FW\Desktop\DesktopWeather.exe ()
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE ()
O4 - Startup: C:\Dokumente und Einstellungen\nina_2\Startmenü\Programme\Autostart\PowerReg Scheduler V3.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\nina_2\Startmenü\Programme\Autostart\UltimateZip Quick Start.lnk = C:\Programme\UltimateZip\uzqkst.exe (SWE von Schleusen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-me...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (The current homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/20 13:25:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\Shell\AUtoplay\commaND - "" = E:\qmep.exe -- File not found
O33 - MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\Shell\AutoRun\command - "" = E:\qmep.exe -- File not found
O33 - MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\Shell\EXpLORE\comMand - "" = E:\qmep.exe -- File not found
O33 - MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\Shell\opEn\ComManD - "" = E:\qmep.exe -- File not found
O33 - MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\Shell\AUtoPLay\COmmaND - "" = E:\qbqto.pif -- File not found
O33 - MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\Shell\AutoRun\command - "" = E:\qbqto.pif -- File not found
O33 - MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\Shell\ExPlOre\COmmANd - "" = E:\qbqto.pif -- File not found
O33 - MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\Shell\oPeN\commANd - "" = E:\qbqto.pif -- File not found
O33 - MountPoints2\{c96ad20e-189f-11de-99d2-000fb00c3da0}\Shell\AuToPlay\coMMAnd - "" = rudr.exe
O33 - MountPoints2\{c96ad20e-189f-11de-99d2-000fb00c3da0}\Shell\AutoRun\command - "" = rudr.exe
O33 - MountPoints2\{c96ad20e-189f-11de-99d2-000fb00c3da0}\Shell\ExPloRE\coMmand - "" = rudr.exe
O33 - MountPoints2\{c96ad20e-189f-11de-99d2-000fb00c3da0}\Shell\OPen\command - "" = rudr.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/08/20 13:24:52 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/08 22:05:33 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Malwarebytes
[2009/12/08 22:05:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/08 22:05:23 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2009/12/08 22:05:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/08 22:05:22 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009/12/08 22:01:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/08 21:58:25 | 00,000,000 | ---D | C] -- C:\Programme\ERUNT
[2009/12/01 01:03:16 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\nina_2\Lokale Einstellungen\Anwendungsdaten\AVG Security Toolbar
[2009/12/01 00:55:02 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/01 00:53:54 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/01 00:53:53 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/12/01 00:53:52 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/01 00:53:51 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/01 00:53:50 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/01 00:53:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/12/01 00:53:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2009/12/01 00:52:16 | 00,000,000 | ---D | C] -- C:\Programme\AVG
[2009/12/01 00:52:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2009/11/30 17:44:14 | 00,000,000 | ---D | C] -- C:\Programme\Blender Foundation
[2009/11/30 17:32:20 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\nina_2\Desktop\Neuer Ordner (2)
[2009/11/27 17:28:25 | 00,000,000 | ---D | C] -- C:\Programme\SnakeManager
[2008/05/30 13:37:10 | 01,694,728 | ---- | C] (Microsoft Corporation) -- C:\Programme\dsetup32.dll
[2008/05/30 13:35:56 | 00,097,288 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll

========== Files - Modified Within 14 Days ==========

[2009/12/08 22:22:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/08 22:22:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/08 22:22:50 | 53,587,5584 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/08 22:21:01 | 05,767,168 | ---- | M] () -- C:\Dokumente und Einstellungen\nina_2\ntuser.dat
[2009/12/08 22:21:01 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\nina_2\ntuser.ini
[2009/12/08 22:05:29 | 00,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/08 21:58:32 | 00,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\nina_2\Desktop\NTREGOPT.lnk
[2009/12/08 21:58:30 | 00,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\nina_2\Desktop\ERUNT.lnk
[2009/12/08 21:56:11 | 00,068,856 | ---- | M] () -- C:\Dokumente und Einstellungen\nina_2\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 00:56:58 | 45,961,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/01 00:55:53 | 00,106,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/01 00:54:36 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/01 00:53:54 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/01 00:53:54 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/01 00:53:54 | 00,001,479 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 9.0.lnk
[2009/12/01 00:53:53 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/01 00:53:53 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/12/01 00:53:51 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/01 00:53:50 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/01 00:53:50 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/30 23:02:00 | 00,041,984 | ---- | M] () -- C:\Dokumente und Einstellungen\nina_2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/30 17:45:01 | 00,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\nina_2\Desktop\Blender.lnk
[2009/11/27 12:21:57 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2009/12/08 22:05:29 | 00,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/08 21:58:32 | 00,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\nina_2\Desktop\NTREGOPT.lnk
[2009/12/08 21:58:30 | 00,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\nina_2\Desktop\ERUNT.lnk
[2009/12/01 00:54:35 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/01 00:53:54 | 45,961,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/01 00:53:54 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/01 00:53:54 | 00,106,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/01 00:53:54 | 00,001,479 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 9.0.lnk
[2009/12/01 00:53:45 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/30 17:45:01 | 00,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\nina_2\Desktop\Blender.lnk
[2008/09/05 00:53:06 | 00,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\nina_2\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/08/21 00:41:18 | 02,076,672 | ---- | C] () -- C:\WINDOWS\System32\dz3delight.dll
[2008/08/21 00:41:15 | 06,131,712 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2008/08/21 00:41:15 | 01,785,856 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2008/05/30 13:38:30 | 01,158,739 | ---- | C] () -- C:\Programme\BDANT.cab
[2008/05/30 13:38:30 | 01,130,465 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab
[2008/05/30 13:38:30 | 01,118,469 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab
[2008/05/30 13:38:30 | 01,087,968 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab
[2008/05/30 13:38:30 | 01,082,704 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab
[2008/05/30 13:38:30 | 01,082,210 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab
[2008/05/30 13:38:28 | 01,080,892 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab
[2008/05/30 13:38:26 | 01,068,173 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab
[2008/05/30 13:38:26 | 01,016,473 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab
[2008/05/30 13:38:26 | 00,978,396 | ---- | C] () -- C:\Programme\BDAXP.cab
[2008/05/30 13:38:26 | 00,919,678 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab
[2008/05/30 13:38:26 | 00,867,848 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab
[2008/05/30 13:38:26 | 00,855,534 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab
[2008/05/30 13:38:24 | 00,871,076 | ---- | C] () -- C:\Programme\Jun2008_d3dx10_38_x64.cab
[2008/05/30 13:38:24 | 00,853,167 | ---- | C] () -- C:\Programme\Jun2008_d3dx10_38_x86.cab
[2008/05/30 13:38:24 | 00,848,132 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab
[2008/05/30 13:38:24 | 00,807,132 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab
[2008/05/30 13:38:24 | 00,702,292 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab
[2008/05/30 13:38:22 | 00,821,508 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab
[2008/05/30 13:38:22 | 00,800,115 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab
[2008/05/30 13:38:22 | 00,701,860 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab
[2008/05/30 13:38:20 | 00,701,720 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab
[2008/05/30 13:38:18 | 00,272,876 | ---- | C] () -- C:\Programme\Jun2008_XAudio_x64.cab
[2008/05/30 13:38:16 | 00,699,113 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab
[2008/05/30 13:38:16 | 00,254,442 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab
[2008/05/30 13:38:14 | 00,272,272 | ---- | C] () -- C:\Programme\Jun2008_XAudio_x86.cab
[2008/05/30 13:38:14 | 00,229,498 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab
[2008/05/30 13:38:14 | 00,216,055 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab
[2008/05/30 13:38:12 | 00,201,344 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab
[2008/05/30 13:38:12 | 00,200,370 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab
[2008/05/30 13:38:12 | 00,200,010 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab
[2008/05/30 13:38:12 | 00,197,923 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab
[2008/05/30 13:38:10 | 00,186,151 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab
[2008/05/30 13:38:10 | 00,185,609 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab
[2008/05/30 13:38:08 | 00,199,014 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab
[2008/05/30 13:38:08 | 00,194,968 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab
[2008/05/30 13:38:06 | 00,195,723 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab
[2008/05/30 13:38:06 | 00,184,033 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab
[2008/05/30 13:38:04 | 00,182,381 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab
[2008/05/30 13:38:04 | 00,181,607 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab
[2008/05/30 13:38:04 | 00,156,157 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab
[2008/05/30 13:38:04 | 00,151,512 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab
[2008/05/30 13:38:04 | 00,151,231 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab
[2008/05/30 13:38:02 | 00,156,260 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab
[2008/05/30 13:38:00 | 00,154,473 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab
[2008/05/30 13:38:00 | 00,136,351 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab
[2008/05/30 13:37:58 | 00,148,847 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab
[2008/05/30 13:37:58 | 00,135,657 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab
[2008/05/30 13:37:56 | 00,141,265 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab
[2008/05/30 13:37:56 | 00,140,483 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab
[2008/05/30 13:37:56 | 00,136,919 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab
[2008/05/30 13:37:54 | 00,056,550 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab
[2008/05/30 13:37:52 | 00,125,584 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab
[2008/05/30 13:37:52 | 00,124,302 | ---- | C] () -- C:\Programme\Jun2008_XACT_x64.cab
[2008/05/30 13:37:52 | 00,100,065 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab
[2008/05/30 13:37:52 | 00,058,402 | ---- | C] () -- C:\Programme\Jun2008_X3DAudio_x64.cab
[2008/05/30 13:37:52 | 00,049,306 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab
[2008/05/30 13:37:50 | 00,058,306 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab
[2008/05/30 13:37:50 | 00,025,153 | ---- | C] () -- C:\Programme\Jun2008_X3DAudio_x86.cab
[2008/05/30 13:37:48 | 00,097,916 | ---- | C] () -- C:\Programme\dxupdate.cab
[2008/05/30 13:37:48 | 00,049,258 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab
[2008/05/30 13:37:48 | 00,048,607 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab
[2008/05/30 13:37:46 | 00,090,390 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab
[2008/05/30 13:37:46 | 00,090,349 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab
[2008/05/30 13:37:46 | 00,047,700 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab
[2008/05/30 13:37:44 | 00,049,392 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab
[2008/05/30 13:37:42 | 00,096,982 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab
[2008/05/30 13:37:42 | 00,096,376 | ---- | C] () -- C:\Programme\Jun2008_XACT_x86.cab
[2008/05/30 13:37:42 | 00,089,285 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab
[2008/05/30 13:37:42 | 00,025,115 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab
[2008/05/30 13:37:42 | 00,021,744 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab
[2008/05/30 13:36:04 | 13,267,416 | ---- | C] () -- C:\Programme\dxnt.cab
[2008/05/30 13:36:02 | 04,165,878 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab
[2008/05/30 13:36:02 | 01,805,306 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab
[2008/05/30 13:36:00 | 01,803,408 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab
[2008/05/30 13:35:56 | 01,795,856 | ---- | C] () -- C:\Programme\Jun2008_d3dx9_38_x64.cab
[2008/05/30 13:35:56 | 01,773,110 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab
[2008/05/30 13:35:56 | 01,712,608 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab
[2008/05/30 13:35:56 | 01,711,400 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab
[2008/05/30 13:35:56 | 01,611,022 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab
[2008/05/30 13:35:56 | 01,610,606 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab
[2008/05/30 13:35:56 | 01,610,534 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab
[2008/05/30 13:35:56 | 01,609,287 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab
[2008/05/30 13:35:56 | 01,577,624 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab
[2008/05/30 13:35:56 | 01,574,402 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab
[2008/05/30 13:35:56 | 01,467,126 | ---- | C] () -- C:\Programme\Jun2008_d3dx9_38_x86.cab
[2008/05/30 13:35:56 | 01,446,530 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab
[2008/05/30 13:35:56 | 01,416,150 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab
[2008/05/30 13:35:56 | 01,401,078 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab
[2008/05/30 13:35:56 | 01,361,224 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab
[2008/05/30 13:35:56 | 01,339,250 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab
[2008/05/30 13:35:54 | 01,366,044 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab
[2008/05/30 13:35:54 | 01,353,790 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab
[2008/05/30 13:35:54 | 01,350,602 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab
[2008/05/30 13:35:54 | 01,250,747 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab
[2008/05/30 13:34:50 | 00,598,024 | ---- | C] () -- C:\Programme\DXSETUP.exe
[2007/12/06 16:26:01 | 00,004,579 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2007/11/23 01:19:44 | 00,041,984 | ---- | C] () -- C:\Dokumente und Einstellungen\nina_2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/02 14:31:55 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/01/26 00:04:12 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 00:04:12 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/31 20:39:11 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/08/25 13:11:22 | 00,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/20 16:42:51 | 00,120,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV65.sys
[2006/08/20 15:50:58 | 00,002,184 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2006/08/20 15:47:02 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/20 15:47:02 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/20 15:47:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/20 15:47:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/20 15:47:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/20 15:47:02 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/20 15:32:17 | 00,000,173 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/20 15:18:38 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/01/09 04:22:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/11/10 13:15:36 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2003/11/10 13:04:58 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/11/10 13:04:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/11/10 13:00:02 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2002/05/15 21:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 16:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/05/27 17:07:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development
[2009/12/01 01:02:12 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2009/12/01 02:04:44 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2009/01/24 12:32:00 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009/06/19 20:45:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2009/06/19 20:49:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle VideoSpin
[2006/08/29 17:38:33 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2009/11/19 01:10:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2007/07/15 18:34:02 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/05/27 17:07:05 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Advanced Chemistry Development
[2009/02/08 14:12:42 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Blender Foundation
[2008/04/24 00:26:11 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Coding4Fun
[2009/10/07 16:41:58 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\CrystalApp
[2009/10/07 16:41:00 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\CrystalSpace
[2009/10/20 18:58:49 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\gtk-2.0
[2009/01/24 12:37:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\ICQ
[2008/03/03 22:37:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\InterVideo
[2008/11/03 19:00:27 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Leadertech
[2009/10/07 17:58:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\PlaneShift
[2008/10/04 16:59:49 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Rainlendar
[2007/11/22 22:40:26 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\Template
[2008/08/14 01:12:25 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\nina_2\Anwendungsdaten\UltimateZip

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 11:59:30 | 00,231,936 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 07:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 03:22:10 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:22:10 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:57:18 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 03:22:19 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:22:19 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:57:30 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 03:22:23 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:22:23 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 08:57:33 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



OTL Extras logfile created on: 8/12/2009 10:34:56 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Dokumente und Einstellungen\nina_2\Desktop\Neuer Ordner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

510.98 Mb Total Physical Memory | 139.16 Mb Available Physical Memory | 27.23% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.38% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.25 Gb Total Space | 4.45 Gb Free Space | 11.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OTTO
Current User Name: nina_2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 ()
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 ()
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- File not found
"C:\Programme\Spiele\NWN\nwmain.exe" = C:\Programme\Spiele\NWN\nwmain.exe:*:Enabled:Neverwinter Nights -- (Bioware Corp.)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Programme\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Programme\Lionhead Studios Ltd\Black & White\runblack.exe:*:Disabled:lh -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\BioWare Corp\Neverwinter Nights\nwmain.exe" = C:\Programme\BioWare Corp\Neverwinter Nights\nwmain.exe:*:Enabled:Neverwinter Nights -- (BioWare)
"C:\Programme\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Programme\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- File not found
"C:\Programme\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Programme\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- File not found
"C:\Programme\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Programme\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- File not found
"C:\Programme\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Programme\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ipsec -- (ICQ, LLC.)
"C:\Programme\Python\pythonw.exe" = C:\Programme\Python\pythonw.exe:*:Enabled:pythonw -- File not found
"C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- ()
"C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- ()
"C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- ()
"E:\qbqto.pif" = E:\qbqto.pif:*:Enabled:ipsec -- File not found
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"c:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DW20.EXE" = c:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DW20.EXE:*:Enabled:ipsec -- ()
"C:\WINDOWS\system32\nwiz.exe" = C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec -- ()
"C:\Programme\The Weather Channel FW\Desktop\DesktopWeather.exe" = C:\Programme\The Weather Channel FW\Desktop\DesktopWeather.exe:*:Enabled:ipsec -- ()
"C:\Programme\GIMP-2.0\bin\gimp-2.6.exe" = C:\Programme\GIMP-2.0\bin\gimp-2.6.exe:*:Enabled:ipsec -- ()
"C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" = C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\wt\updater\wcmdmgr.exe" = C:\WINDOWS\wt\updater\wcmdmgr.exe:*:Enabled:ipsec -- ()
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:ipsec -- (Nullsoft)
"C:\WINDOWS\system32\ieudinit.exe" = C:\WINDOWS\system32\ieudinit.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\system32\ie4uinit.exe" = C:\WINDOWS\system32\ie4uinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe" = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe:*:Enabled:ipsec -- File not found
"C:\Programme\Analog Devices\SoundMAX\SMAgent.exe" = C:\Programme\Analog Devices\SoundMAX\SMAgent.exe:*:Enabled:ipsec -- ()
"C:\DOKUME~1\nina_2\LOKALE~1\Temp\hpdj5100.exe" = C:\DOKUME~1\nina_2\LOKALE~1\Temp\hpdj5100.exe:*:Enabled:ipsec -- File not found
"C:\Programme\AVG\AVG9\avgam.exe" = C:\Programme\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgdiagex.exe" = C:\Programme\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- ()
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23F2AD64-EAB3-4C01-AECA-33FBA6C7BFCD}" = Neverwinter Nights
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 4.20 E1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E837279E-4C3F-411A-8E3D-0EFD97F818E3}" = Bluetooth by hp
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"35026FC35F6FE00B16595E0AAA85AA2E6124A988" = Windows-Treiberpaket - Realtek Semiconductor Corp. (RTLWUSB) Net (01/11/2007 5.1273.0111.2007)
"AC3Filter" = AC3Filter (remove only)
"ACDLabs in C__Programme_ACDFREE12_" = ACD/Labs Software in C:\Programme\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"Blender" = Blender (remove only)
"DAZ Studio 2.2" = DAZ Studio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E36AC90DC611AF30218F7A4F531CE263DD6A001E" = Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8187B) Net (07/18/2007 5.1097.0718.2007)
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GameSpy Arcade" = GameSpy Arcade
"ie8" = Windows Internet Explorer 8
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NapkinRace_is1" = NapkinRace v1.0
"Natula ® Freeware 1" = Natula ® Freeware 1 1.0
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"Security Task Manager" = Security Task Manager 1.7h
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"UltimateZip_is1" = UltimateZip
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6c
"wcmdmgr.exe" = WildTangent Updater
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wtwebdriver" = WildTangent Web Driver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2009 9:17:58 AM | Computer Name = OTTO | Source = HotFixInstaller | ID = 5000
Description =

Error - 6/10/2009 1:50:45 PM | Computer Name = OTTO | Source = Winlogon | ID = 1015
Description = Ein kritischer Systemprozess C:\WINDOWS\system32\lsass.exe ist fehlgeschlagen
mit den Statuscode 00000000. Der Computer muss neu gestartet werden.

Error - 13/10/2009 6:35:52 AM | Computer Name = OTTO | Source = ESENT | ID = 482
Description = wuauclt (3560) Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
bei Offset 0 (0x0000000000000000) für 8192 (0x00002000) Bytes zu schreiben, ist
mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem
Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation.
Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss
aus einer vorherigen Sicherung wiederhergestellt werden.

Error - 13/10/2009 6:35:54 AM | Computer Name = OTTO | Source = ESENT | ID = 439
Description = wuauclt (3560) Die Shadowkopfzeile für Datei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
konnte nicht geschrieben werden. Fehler -1808.

Error - 13/10/2009 6:36:02 AM | Computer Name = OTTO | Source = ESENT | ID = 482
Description = wuauclt (2344) Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
bei Offset 8192 (0x0000000000002000) für 57344 (0x0000e000) Bytes zu schreiben,
ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf
dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation.
Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss
aus einer vorherigen Sicherung wiederhergestellt werden.

Error - 13/10/2009 6:36:11 AM | Computer Name = OTTO | Source = ESENT | ID = 482
Description = wuauclt (2452) Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
bei Offset 8192 (0x0000000000002000) für 57344 (0x0000e000) Bytes zu schreiben,
ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf
dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation.
Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss
aus einer vorherigen Sicherung wiederhergestellt werden.

Error - 13/10/2009 6:36:12 AM | Computer Name = OTTO | Source = Microsoft Works | ID = 1000
Description =

Error - 2/12/2009 2:53:34 PM | Computer Name = OTTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 6.0.2900.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 5/12/2009 5:58:12 PM | Computer Name = OTTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 6.0.2900.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 5/12/2009 5:58:57 PM | Computer Name = OTTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 6.0.2900.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 7/12/2009 2:30:50 PM | Computer Name = OTTO | Source = BROWSER | ID = 8032
Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport
"\Device\NetBT_Tcpip_{9BFD0062-E211-452D-BC60-171DCD83AD83}" zu oft fehl. Der Sicherungssuchdienst
wird beendet.

Error - 8/12/2009 4:07:43 AM | Computer Name = OTTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpdj" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 8/12/2009 4:07:43 AM | Computer Name = OTTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SoundMAX Agent Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%5

Error - 8/12/2009 4:43:37 PM | Computer Name = OTTO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "AVG WatchDog" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Starten Sie den Dienst neu..

Error - 8/12/2009 4:43:37 PM | Computer Name = OTTO | Source = Service Control Manager | ID = 7034
Description = Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 8/12/2009 4:43:37 PM | Computer Name = OTTO | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Driver Helper Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 8/12/2009 4:47:23 PM | Computer Name = OTTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpdj" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 8/12/2009 4:47:23 PM | Computer Name = OTTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SoundMAX Agent Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%5

Error - 8/12/2009 5:23:04 PM | Computer Name = OTTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpdj" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 8/12/2009 5:23:04 PM | Computer Name = OTTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SoundMAX Agent Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%5


< End of report >
  • 0

#2
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hello Kudram and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Sorry for the delay.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • If in doubt about anything, please ask.

Let's get a fresh look at your system. Please follow these steps.

-- Step 1 --

To ensure that I get all the information, this log will need to be attached (instructions at the end).

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Approved Shell Extensions
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - File Associations
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scans box at the bottom left paste the following in

    netsvcs
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the attachment to insert it into your post

-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#3
Kudram

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hello hammerman! Thank you for helping me out.
There are still some programs not working at all, and I don't know why.

Here is the OTS log as an attachment, and the GMER log is here:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-16 01:06:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\nina_2\LOKALE~1\Temp\pxtdapog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xF8954E00]
init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xF884EF00]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF700E340, 0x106FDF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6300, 0x238E10, 0xF8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  OTS.Txt   158.98KB   117 downloads

  • 0

#4
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Arcor Online" -> []
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "E:\qbqto.pif" -> E:\qbqto.pif [E:\qbqto.pif:*:Enabled:ipsec]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{55c8c9e0-c898-11de-9a75-000cf64da079} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\AUtoplay\commaND ->
YN -> \{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\AUtoplay\commaND\\"" -> E:\qmep.exe [E:\qmep.exe]
YN -> \{55c8c9e0-c898-11de-9a75-000cf64da079} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\AutoRun\command ->
YN -> \{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\AutoRun\command\\"" -> E:\qmep.exe [E:\qmep.exe]
YN -> \{55c8c9e0-c898-11de-9a75-000cf64da079} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\EXpLORE\comMand ->
YN -> \{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\EXpLORE\comMand\\"" -> E:\qmep.exe [E:\qmep.exe]
YN -> \{55c8c9e0-c898-11de-9a75-000cf64da079} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\opEn\ComManD ->
YN -> \{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\opEn\ComManD\\"" -> E:\qmep.exe [E:\qmep.exe]
YN -> \{74aaec99-b174-11de-9a55-000cf64da079} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\AUtoPLay\COmmaND ->
YN -> \{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\AUtoPLay\COmmaND\\"" -> E:\qbqto.pif [E:\qbqto.pif]
YN -> \{74aaec99-b174-11de-9a55-000cf64da079} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\AutoRun\command ->
YN -> \{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\AutoRun\command\\"" -> E:\qbqto.pif [E:\qbqto.pif]
YN -> \{74aaec99-b174-11de-9a55-000cf64da079} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\ExPlOre\COmmANd ->
YN -> \{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\ExPlOre\COmmANd\\"" -> E:\qbqto.pif [E:\qbqto.pif]
YN -> \{74aaec99-b174-11de-9a55-000cf64da079} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\oPeN\commANd ->
YN -> \{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\oPeN\commANd\\"" -> E:\qbqto.pif [E:\qbqto.pif]
[Empty Temp Folders]
[CreateRestorePoint]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

-- Step 2 --

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    • Now, go to Settings >> Change Settings
    • Go to Actions tab >> under Objects section, change the settings to below
      • Infected objects - Cure
      • Incurable objects - Report
      • Suspicious objects - Report
    • Don't change any other settings
    • Press Apply then OK
  • Select Complete Scan
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • If prompted to Move files, select No to All
  • After the scan has finished, click Select All
  • Click on Cure. Don't select Move, or Rename or Delete
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
  • 0
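The three things the fix above removes are textbook removable-drive persistence and lockout: MountPoints2 shell handlers pointing at E:\qmep.exe and E:\qbqto.pif, DisableTaskMgr/DisableRegistryTools set to 1, and a firewall exception for E:\qbqto.pif. The PowerShell audit below is added here as an example and is not the thread's or OTS's own code; it reports entries of those three kinds without touching them, and its "executable in a drive root" rule and its list of canonical key spellings are assumptions.

```powershell
# Audit script added as an example; it is not part of the thread and not an OTS
# component. It only reports, it changes nothing. Run it as the affected user;
# the HKEY_USERS and HKLM checks need an elevated PowerShell.

# Assumed heuristic: an executable sitting directly in a drive root (the thread's
# E:\qmep.exe and E:\qbqto.pif) is what a USB-borne autorun infection leaves behind.
$rootExe = '^"?([A-Za-z]:\\[^\\"]+\.(exe|pif|com|bat|cmd|scr))"?'

function Test-SuspiciousTarget {
    param([string]$Command)
    if ($Command -match $rootExe) {
        $file = $Matches[1]
        if (Test-Path -LiteralPath $file -ErrorAction SilentlyContinue) {
            return "drive-root target: $file"
        }
        return "drive-root target, file not present now: $file"
    }
    return $null
}

$findings = @()

# 1. Per-volume shell handlers under MountPoints2, the keys that autorun.inf on a
#    removable drive populates. Explorer writes these names in fixed spellings;
#    "shELl\AUtoplay\commaND", as seen in the fix above, was written by something
#    else, so any token outside the assumed canonical list is reported as well.
$canonical = 'shell','Shell','AutoRun','Autoplay','AutoPlay','open','Open','explore','Explore','command','Command'
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
foreach ($vol in Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue) {
    $cmdKeys = Get-ChildItem -Path "$($vol.PSPath)\shell" -Recurse -ErrorAction SilentlyContinue |
               Where-Object { $_.PSChildName -eq 'command' }
    foreach ($k in $cmdKeys) {
        $cmd = (Get-ItemProperty -Path $k.PSPath -ErrorAction SilentlyContinue).'(default)'
        if (-not $cmd) { continue }
        $rel = $k.Name.Substring($vol.Name.Length + 1)        # e.g. shell\AutoRun\command
        $why = Test-SuspiciousTarget $cmd
        $odd = ($rel -split '\\') | Where-Object { $canonical -cnotcontains $_ }
        if ($odd) { $why = "non-standard key spelling '$rel'" + $(if ($why) { "; $why" }) }
        if ($why) { $findings += "MountPoints2 $($vol.PSChildName)\$rel -> $cmd  [$why]" }
    }
}

# 2. Tool lockout policies. The fix above removed DisableTaskMgr and
#    DisableRegistryTools = 1 for .DEFAULT and S-1-5-18; the same values in the
#    current user's hive are what makes Task Manager refuse to open.
$policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($key in $policyKeys) {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $p) { continue }
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($p.$name -eq 1) { $findings += "$key\$name = 1  [tool lockout]" }
    }
}

# 3. Legacy Windows Firewall (XP/Vista/7) authorised-application list; the fix
#    above removed an exception for E:\qbqto.pif labelled "ipsec".
$fwList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$fw = Get-ItemProperty -Path $fwList -ErrorAction SilentlyContinue
if ($fw) {
    foreach ($prop in ($fw.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $why = Test-SuspiciousTarget $prop.Name          # the value name is the program path
        if ($why) { $findings += "Firewall exception $($prop.Value)  [$why]" }
    }
}

if ($findings.Count -eq 0) {
    'No drive-root autorun handlers, tool lockouts or odd firewall exceptions found.'
} else {
    $findings | ForEach-Object { "REVIEW: $_" }
}
```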

#5
Kudram

    New Member

  • Topic Starter
  • Member
  • 9 posts
Ok, I did the OTS thing, this worked well and I put the report at the end of the post.

Then I did the Dr.WEB thing, it did the first quick scan and did find quite some things, which I let it cure. Then I started the other scan as you told me to and left my computer alone, because I thought it would take a while. When I came back, not long after I had started the scan, the computer had rebooted. Several programs that did not autostart before had autostarted, but Dr.WEB was closed and so I have no report. But AVG Anti-Virus did autostart again, too, and immediately found the Win32/Tanatos.M virus again and another unknown threat. There are still other programs not working at all.
Should I do the Dr.WEB thing again?

All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Arcor Online deleted successfully.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\qbqto.pif deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55c8c9e0-c898-11de-9a75-000cf64da079}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\AUtoplay\commaND\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\AUtoplay\commaND not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55c8c9e0-c898-11de-9a75-000cf64da079}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\AutoRun\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55c8c9e0-c898-11de-9a75-000cf64da079}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\EXpLORE\comMand\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\EXpLORE\comMand not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55c8c9e0-c898-11de-9a75-000cf64da079}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\opEn\ComManD\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55c8c9e0-c898-11de-9a75-000cf64da079}\shELl\opEn\ComManD not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74aaec99-b174-11de-9a55-000cf64da079}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\AUtoPLay\COmmaND\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\AUtoPLay\COmmaND not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74aaec99-b174-11de-9a55-000cf64da079}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\AutoRun\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74aaec99-b174-11de-9a55-000cf64da079}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\ExPlOre\COmmANd\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\ExPlOre\COmmANd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74aaec99-b174-11de-9a55-000cf64da079}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\oPeN\commANd\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74aaec99-b174-11de-9a55-000cf64da079}\SheLl\oPeN\commANd not found.
[Empty Temp Folders]


User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: nina_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 73767214 bytes
->Java cache emptied: 0 bytes

Edited by Kudram, 16 December 2009 - 09:08 AM.

  • 0

#6
Kudram

    New Member

  • Topic Starter
  • Member
  • 9 posts
With this other virus AVG gives this:
May be infected by unknown virus Win32/DH.CAFF820038

AVG seems to be able to heal the Tanatos.M virus, but after some time it finds it again; often there are then four or more virus messages at once, and it seems to find most of them in itself, most are in: C:\Programme\AVG\AVG9\...
  • 0

#7
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.

  • 0

#8
Kudram

    New Member

  • Topic Starter
  • Member
  • 9 posts
Do you know how I disable AVG? Because Kaspersky says it would be better if I disable it.
  • 0

#9
hammerman

    Member 4k

  • Member
  • 4,183 posts
This might help.

http://www.myantispy...autoprotection/

or this: http://www.bleepingc...opic114351.html

Edited by hammerman, 16 December 2009 - 02:23 PM.

  • 0

#10
Kudram

    New Member

  • Topic Starter
  • Member
  • 9 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 17, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 16, 2009 23:01:34
Records in database: 3379879
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 97480
Threats found: 2
Infected objects found: 248
Suspicious objects found: 0
Scan duration: 13:41:49


File name / Threat / Threats count
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\ASKPBAR.DLL.q_Quarantine_B10B003_q Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\Dokumente und Einstellungen\nina_2\Desktop\Sachen\DAZBilder\ps_fr275_SeaDragonU3D.exe Infected: Virus.Win32.Sality.aa 1
C:\Dokumente und Einstellungen\nina_2\Desktop\Sachen\DAZBilder\ps_pe038-michael3T.exe Infected: Virus.Win32.Sality.aa 1
C:\i386\QlbServr.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\AC3Filter\uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\ACDFREE12\SYSEXEC.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\instmsiw.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\AMD\Athlon 64 Processor Driver\amdcon.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\AEEnable.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\DLSLoader.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\install.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\RemADI.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\Remove.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\SMAgentI.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\SMAgentX.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\SMTray.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\SMWizard.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Analog Devices\SoundMAX\_iscppr.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Apoint2K\ApntEx.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Apoint2K\Ezcapt.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Apoint2K\Uninstap.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\AVG\AVG9\avgcfgex.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\AVG\AVG9\avgdumpx.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\AVG\AVG9\avgfrw.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\AVG\AVG9\setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\BioWare Corp\Neverwinter Nights\ereg\ATR1.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\BioWare Corp\Neverwinter Nights\nwupdate.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\BioWare Corp\Neverwinter Nights\utils\DataPack.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\BioWare Corp\Neverwinter Nights\utils\nwcontbuild.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\BioWare Corp\Neverwinter Nights\utils\nwcontinst.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\BioWare Corp\Neverwinter Nights\utils\nwsfx.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\BioWare Corp\Neverwinter Nights\utils\nwstub.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Blender Foundation\Blender\blenderplayer.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Blender Foundation\Blender\uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DAZ\Studio\bin\tdlmake.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DAZ\Studio\content\Runtime\libraries\!DAZ\DzCreateExPFiles.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DAZ\Studio\Remove-Studio.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DIFX\270581355A767BF1\DPInstX86.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivX Codec\config.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivX Codec\DivXsm.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivX Updater\DivXVersionChecker.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivXBundleUninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivXCodecUninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivXConverterUninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivXDSFiltersUninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivXPlayerUninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DivX\DivXWebPlayerUninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\DXSETUP.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GameSpy Arcade\Aphex.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GameSpy Arcade\GSAPak.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GameSpy Arcade\Services\_common\RWVoice.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GameSpy Arcade\UNWISE.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\AfricanElephant_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\aniMateMonsterPackSampler_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\BrontotheriumDAZStudioAdditionalContent_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\Brontotherium_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\CaligoFanumDS_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\CaligoFanum_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\DaysofCider_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\DragonsLairTextureforCaveSystemPt1_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\DragonsLairTextureforCaveSystemPt2_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\FamilyGrave_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\FlyingSteamer_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\Jumperia_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\KeratocephalusDR_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\Krill_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\LittleThings_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\Michael4Base_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\MissileLauncher_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\PlacesofSummertexturetemplate_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\DAZ\PointofImpact_Uninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\HP\Memories Disc\2.0\hpodlog3.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\HP\Memories Disc\2.0\hpodrend.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\HP\Memories Disc\2.0\hpodserv.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriver.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriver2.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\InstallShield\Driver\7\Intel 32\IDriver.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\InstallShield\engine\6\Intel 32\IKernel.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Artgalry\ARTGALRY.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Artgalry\CAG.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DW20.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\OFFPROV.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\Microsoft Shared\WordArt\WRDART32.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Gemeinsame Dateien\Yahoo!\CCM\ygca2.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\bin\bzip2.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\bin\gimp-2.6.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\bin\gimp-console-2.6.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\animation-play.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\apply-canvas.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\blur-gauss-selective.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\blur-gauss.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\cml-explorer.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\color-rotate.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\compose.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\curve-bend.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-bmp.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-fits.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-gih.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-ico.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-jpeg.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-mng.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-png.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-ps.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-psd-load.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-tiff-load.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-xwd.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\film.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\filter-pack.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\flame.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\fractal-explorer.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\gfig.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\gimpressionist.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\gradient-flare.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\ifs-compose.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\imagemap.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\iwarp.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\jigsaw.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\lcms.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\lighting.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\map-object.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\maze.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\metadata.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\mosaic.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\newsprint.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\pagecurl.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\print.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\sample-colorize.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\selection-to-path.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\sphere-designer.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\video.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\warp.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Hewlett-Packard\hp deskjet assistant\bin\browser.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\drivers\dot4\win2000\hpzinw12.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\drivers\dot4\win2000\hpzipm12.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\hpzglu09.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\HP\Memories Disc\hpod.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\HP\Memories Disc\skins\HewlettPackard_0002\skingen\MEMDISC\PROVIDED\BIN\PROGSHIM.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\HPQ\BrandIt\BrdItVer.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\HPQ\Quick Launch Buttons\eabservr.exe.old-87fdfe00 Infected: Virus.Win32.Sality.aa 1
C:\Programme\HPQ\Quick Launch Buttons\eabver.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{23F2AD64-EAB3-4C01-AECA-33FBA6C7BFCD}\Setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\Setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\Setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{9E11661F-C75F-4566-A91F-85BD90D09C70}\setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\Setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InstallShield Installation Information\{FC6E442D-ACBF-4EE3-BB0F-E9EFD6A43D07}\setup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\InterVideo\WinDVD\WinDVD.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Java\j2re1.4.2_03\bin\jucheck.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Java\j2re1.4.2_03\javaws\javaws.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\1031\MSOFFICE.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\1031\MSOHELP.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\1031\PROJWIZ.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\1031\WRKGADM.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\Business Planner German\MSBP_STB.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\EXCEL.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\FINDER.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\GRAPH9.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\MAKECERT.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\MSACCESS.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\MSBPD.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\MSDRAW82.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\MSOHTMED.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\MSPUB.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\OUTLOOK.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\SBCMSTRT.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\SBT\SBCM\SBCMAUT.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\SELFCERT.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\SETLANG.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Office\Office\UNPACK.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Microsoft Silverlight\2.0.31005.0\Silverlight.Configuration.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Mozilla Firefox\crashreporter.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Mozilla Firefox\uninstall\helper.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Mozilla Firefox\updater.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\MSN\MSNCoreFiles\copymar.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\MSN\MSNCoreFiles\dw.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\MSN\MSNCoreFiles\install\msn9components\digcore.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\MSN\MSNCoreFiles\install\msn9components\msncli.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\MSN\MSNCoreFiles\install\msnsusii.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\MSN\MSNCoreFiles\msn6.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\MSN\MSNCoreFiles\Setup\msnunin.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\MSN\MSNCoreFiles\update.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\Shared Files\Pixie\PixieTool.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Plugins\Export\ffmpeg.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Programs\Check3D.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Programs\FWKick.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Programs\PER.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Programs\PinnacleWebPublisher.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Programs\ResDebugu.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\QuickTime\PictureViewer.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\QuickTime\QTInfo.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\QuickTime\QTSystem\ExportController.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\RecordNow!\Launch.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\RecordNow!\LeaderReg.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\RecordNow!\RecordNow.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\RecordNow!\Tutorial\DEU\TutorialDEU.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\RecordNow!\Tutorial\Movies\movies.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Snapshot Viewer\SNAPVIEW.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Spiele\LineRider\LineRider_beta.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Spiele\NapkinRace\NapkinRace.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Spiele\NWN\nwupdate.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Spiele\NWN\utils\DataPack.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Spiele\NWN\utils\nwcontbuild.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Spiele\NWN\utils\nwcontinst.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Spiele\NWN\utils\nwsfx.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Spiele\NWN\utils\nwstub.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\The Weather Channel FW\Desktop\UNWISE.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\WIDCOMM\Bluetooth Software\bin\BcbtRmv_1.7.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\WIDCOMM\Bluetooth Software\bin\btdfuapp.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\WIDCOMM\Bluetooth Software\btsendto_explorer.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\WIDCOMM\Bluetooth Software\gzip.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Winamp\UninstWA.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Windows Media Player\dlimport.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Windows Media Player\Installer\mpsetup.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Windows Media Player\wmdbexport.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Windows Media Player\wmlaunch.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Windows Media Player\wmpnscfg.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Windows Media Player\wmpshare.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Windows Media Player\wmsetsdk.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Winzip\WINZIP32.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Winzip\wz100gev.exe Infected: Virus.Win32.Sality.aa 1
C:\Programme\Winzip\WZMSG.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Winzip\WZQKPICK.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Winzip\WZSEPE32.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Winzip\WZSESS32.EXE Infected: Virus.Win32.Sality.aa 1
C:\Programme\Winzip\WZSRVR32.EXE Infected: Virus.Win32.Sality.aa 1
C:\WINDOWS\ie8\spuninst\spuninst.exe Infected: Virus.Win32.Sality.aa 1
C:\WINDOWS\ie8updates\KB972260-IE8\ie4uinit.exe Infected: Virus.Win32.Sality.aa 1

Selected area has been scanned.


#11
hammerman


    Member 4k

  • Member
  • 4,183 posts
I'm afraid I have some bad news.

You are infected with the polymorphic file infector Sality. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

I recommend a Complete Reformat and Reinstall. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.
  • Backup all your documents and important items only.
  • DO NOT backup any executable files (.exe .scr .html or .htm)
  • Do Not back up compressed files (zip/cab/rar) files that may contain .exe or .scr files
  • Reformat and Reinstall as outlined HERE

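The backup rule in the post above (documents only; no .exe/.scr/.htm/.html; no zip/cab/rar that may carry an executable) is easy to get wrong by hand on a drive with thousands of files. The script below is an added example written for this thread, not a tool hammerman or Geeks to Go provides. It walks a folder and sorts every file into "copy" or "skip" with a reason. Two points are this example's own assumptions: ZIP archives are opened and their member names inspected with the Python standard library (a member ending in .exe or .scr, or a nested archive, makes the whole archive unsafe), while .rar and .cab cannot be inspected here and are therefore always skipped. The sample tree it builds in a temporary directory is constructed for the demonstration.

```python
"""Select files for a documents-only backup from a Sality-infected machine.

Added example for the thread; not the forum's or any vendor's tool.
Rules follow the post: never copy file types the infector writes to,
never copy an archive that may contain an executable, copy the rest.
"""
import os
import tempfile
import zipfile
from pathlib import Path

# File types the post says Sality infects: never carried over.
INFECTABLE = {".exe", ".scr", ".htm", ".html"}
# Archive types the post names as possible carriers of infected files.
ARCHIVES = {".zip", ".cab", ".rar"}
# Archive members that make the whole archive unsafe to back up.
UNSAFE_MEMBERS = {".exe", ".scr"}


def classify(path: Path):
    """Return ("copy", reason) or ("skip", reason) for one file.

    Only ZIP archives are inspected (assumption of this example);
    .rar/.cab are skipped because their contents cannot be verified here.
    """
    ext = path.suffix.lower()
    if ext in INFECTABLE:
        return "skip", f"{ext} is a file type the infector writes to"
    if ext in ARCHIVES:
        if ext != ".zip":
            return "skip", f"{ext} archive cannot be inspected here"
        try:
            with zipfile.ZipFile(path) as zf:
                for member in zf.namelist():
                    mext = Path(member).suffix.lower()
                    # A nested archive is treated as unsafe too: it may itself
                    # hold an executable that this pass does not look into.
                    if mext in UNSAFE_MEMBERS or mext in ARCHIVES:
                        return "skip", f"archive contains {member}"
        except zipfile.BadZipFile:
            return "skip", "archive is unreadable, contents cannot be verified"
        return "copy", "archive holds no executables"
    return "copy", "document"


def select_backup(root: Path):
    """Walk root and return (to_copy, skipped), each a sorted list of
    (path relative to root, reason)."""
    to_copy, skipped = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            decision, reason = classify(p)
            rel = str(p.relative_to(root)).replace(os.sep, "/")
            (to_copy if decision == "copy" else skipped).append((rel, reason))
    return sorted(to_copy), sorted(skipped)


def demo():
    """Build a constructed sample tree in a temp dir, classify it, and return
    a {relative path: decision} map."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "thesis.docx").write_bytes(b"constructed document")
        (root / "docs" / "notes.txt").write_text("constructed notes")
        (root / "setup.exe").write_bytes(b"MZ constructed stub")
        (root / "saver.SCR").write_bytes(b"MZ constructed stub")  # case-insensitive
        (root / "page.html").write_text("<p>constructed</p>")
        with zipfile.ZipFile(root / "photos.zip", "w") as zf:
            zf.writestr("a.jpg", b"constructed image bytes")
        with zipfile.ZipFile(root / "tools.zip", "w") as zf:
            zf.writestr("readme.txt", "constructed")
            zf.writestr("bin/tool.exe", b"MZ constructed stub")
        (root / "old.rar").write_bytes(b"Rar! constructed, not inspectable")
        (root / "broken.zip").write_bytes(b"not a zip at all")
        to_copy, skipped = select_backup(root)
        result = {rel: "copy" for rel, _ in to_copy}
        result.update({rel: "skip" for rel, _ in skipped})
        return result


if __name__ == "__main__":
    for rel, decision in sorted(demo().items()):
        print(f"{decision:4}  {rel}")
```

Run it against a real drive by calling `select_backup(Path("D:/"))` and copying only the `to_copy` list to clean media; the `skipped` list with its reasons is worth keeping as a record of what was deliberately left behind.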

#12
Kudram


    New Member

  • Topic Starter
  • Member
  • 9 posts
Thank you very much for your help! I guessed that I would have to do this.

How is it with my mp3-stick? There might be this virus on it. How can I make sure it gets off it and does not infect any other people's computers? (I may need it for university stuff)

Edited by Kudram, 17 December 2009 - 04:42 PM.


#13
hammerman


    Member 4k

  • Member
  • 4,183 posts
Hi,

If it's been connected to the infected computer, there's a good chance it's also infected. I would recommend you reformat it (on your infected computer) and scan it with Dr.Web. Make sure it's clean before using it elsewhere.

#14
Kudram


    New Member

  • Topic Starter
  • Member
  • 9 posts
Ok, thanks again for taking your time to help!!!
I think I'm going to buy myself a new laptop for Christmas. This one is now a few years old, and I do not know where those Starter CDs are now.
I'll try to reformat it when I find the CDs; if not, well.
I think then this thread can be closed.

#15
hammerman


    Member 4k

  • Member
  • 4,183 posts
K.
Have a good Christmas and stay safe.