Pests of all kinds and how to fight them: TR/Crypt.Morphine.GenC (Windows 7)
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
06.08.2008, 07:23 | #1 |
| TR/Crypt.Morphine.GenC Hello everyone! Since yesterday morning I have had a trojan on my computer. Antivir identified it as TR/Crypt.Morphine.GenC and I clicked "Deny access"... but that apparently did not work, because afterwards IE and Mozilla could no longer open pages such as Google. After a lot of trial and error I found a search engine whose page would open, searched for a solution to my problem, found several things and tried them out... Anyway, after a lot of back and forth it worked again and I thought I was cured, but when I switched the PC on again today an error came up right away saying that it could not open uerfr.dll or something like that, and Antivir raised the alarm again... So maybe you can help me... Thanks in advance, Tamara. My DSS logfile is unfortunately too long, so it will come in the next post... |
06.08.2008, 07:26 | #2 |
| TR/Crypt.Morphine.GenC Running processes:
__________________C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\lg_swupdate\GiljabiStart.exe C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Users\Tamara\Program Files\DNA\btdna.exe C:\Windows\ehome\ehtray.exe C:\Program Files\ICQ6\ICQ.exe C:\Program Files\phonostar\ps_agent.exe C:\Program Files\phonostar\ps_timer.exe C:\Windows\System32\rundll32.exe C:\Program Files\ePrompter\ePrompter.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsock.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\explorer.exe C:\Users\Tamara\Desktop\dss.exe C:\Windows\system32\conime.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Tamara.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page 
= http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: IEHelpObj Class - {EC45E3FE-C16D-4F24-9238-D1B49AD74815} - C:\Program Files\Hauri\ViRobot Desktop 5.5\Service\hWebMan.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 
6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCVpn.dll,#1 O4 - HKLM\..\Run: [Vrmon] C:\Program Files\Hauri\Common\Base\VRMONNT.EXE O4 - HKLM\..\Run: [HEProtect] C:\Program Files\Hauri\ViRobot Desktop 5.5\AntiSpam\HSockPE.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tamara\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tamara\AppData\Local\Temp\khfCsqqp.dll,#1 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tamara\AppData\Local\Temp\geBrSLFu.dll,c O4 - HKCU\..\Run: [BM1324dd6e] Rundll32.exe "C:\Users\Tamara\AppData\Local\Temp\ujelmwtl.dll",s O4 - HKCU\..\Run: [1017eef2] rundll32.exe "C:\Users\Tamara\AppData\Local\Temp\ipuymrdq.dll",b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default 
user') O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://icq.oberon-media.com/online/online2/chainz_2/mjolauncher.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1207654126 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C31C9E29-A28F-49AA-8503-6BB83AAF5DD2}: NameServer = 194.25.0.60 O18 - Protocol: 
grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ViRobot for WinNT(tm) Folder Protect (HFACSVC) - hauri - C:\Program Files\Hauri\ViRobot Desktop 5.5\AccessControl\HFACSvc.exe O23 - Service: ViRobot Communication Service (hpcsvc) - HAURI - C:\Program Files\Hauri\ViRobot Desktop 5.5\hpcsvc.exe O23 - Service: Hauri Common Service (hsvcmod) - HAURI Inc. - C:\Program Files\Hauri\Common\hsvcmod.exe O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Hauri Firewall (vrfwsvc) - Hauri inc. - C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsvc.exe O23 - Service: ViRobot Desktop Monitoring (vrmonsvc) - HAURI - C:\Program Files\Hauri\Common\Base\vrmonsvc.exe O23 - Service: ViRobot Repairing Service (vrrepair) - HAURI - C:\Program Files\Hauri\Common\Base\vrrepair.exe backup-20080805-095321-558 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCVpn.dll,#1 backup-20080805-095322-313 O17 - HKLM\System\CCS\Services\Tcpip\..\{C31C9E29-A28F-49AA-8503-6BB83AAF5DD2}: NameServer = 194.25.0.60 backup-20080805-095322-341 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tamara\AppData\Local\Temp\geBrSLFu.dll,c backup-20080805-095322-855 O4 - HKCU\..\Run: [1017eef2] rundll32.exe "C:\Users\Tamara\AppData\Local\Temp\wkavkqgs.dll",b backup-20080805-095630-493 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCVpn.dll,#1 backup-20080805-095630-659 O4 - HKCU\..\Run: [BM1324dd6e] Rundll32.exe "C:\Users\Tamara\AppData\Local\Temp\atfrtpbf.dll",s backup-20080805-100008-237 O4 - HKCU\..\Run: [BM1324dd6e] Rundll32.exe "C:\Users\Tamara\AppData\Local\Temp\atfrtpbf.dll",s backup-20080805-100008-439 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCVpn.dll,#1 backup-20080805-100008-713 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tamara\AppData\Local\Temp\geBrSLFu.dll,c -- File Associations All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; > R3 MGHwCtrl - \??\c:\windows\system32\drivers\mghwctrl.sys R3 VrAcFil - \??\c:\windows\system32\drivers\vracfil.sys R3 VRFWNTD6 (VRFWNTD6 Hauri Network Driver) - c:\windows\system32\drivers\vrfwntd6.sys <Not Verified; Hauri Corporation; NDIS Hooking Driver for Windows Vista> R3 VRsecos - \??\c:\windows\system32\drivers\vrsecos.sys S3 pgfilter - \??\c:\program files\peerguardian2\pgfilter.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour> R2 hpcsvc (ViRobot Communication Service) - "c:\program files\hauri\virobot desktop 5.5\hpcsvc.exe" <Not Verified; HAURI; HpcSvc> R2 hsvcmod (Hauri Common Service) - c:\program files\hauri\common\hsvcmod.exe <Not Verified; HAURI Inc.; HAURI hsvcmod> R2 NishService (Evil Driver Daemon) - c:\program files\lg software\system control manager\edd.exe R2 o2flash (O2Micro Flash Memory Card Service) - "c:\program files\o2micro oz128 driver\o2flash.exe" <Not Verified; O2Micro International; O2 MS1/MP1 Service> R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager> R2 vrfwsvc (Hauri Firewall) - c:\program files\hauri\virobot desktop 5.5\pcfirewall\vrfwsvc.exe <Not Verified; Hauri inc.; Hauri Firewall Service> R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> S2 vrmonsvc (ViRobot Desktop Monitoring) - "c:\program 
files\hauri\common\base\vrmonsvc.exe" <Not Verified; HAURI; HAURI ViRobot Vrmonsvc for Vista> S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: Nokia E65 Device ID: ROOT\WPD\0000 Manufacturer: Nokia Name: Nokia E65 PNP Device ID: ROOT\WPD\0000 Service: WUDFRd -- Scheduled Tasks ------------------------------------------------------------- 2008-08-05 23:39:07 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{AE921CF8-0134-4409-949A-9E1C6EFBF93E}.job -- Files created between 2008-07-06 and 2008-08-06 ----------------------------- 2008-08-05 15:50:13 0 d-------- C:\Program Files\ePrompter 2008-08-05 11:32:45 27260 -----n--- C:\Windows\system32\drivers\vracfil.sys <Not Verified; HAURI; VRAC Filter for Windows NT/2K/XP> 2008-08-05 11:32:41 15644 -----n--- C:\Windows\system32\drivers\VRsecos.sys <Not Verified; HAURI; VRsecos for Windows NT/2K/XP> 2008-08-05 11:31:56 30720 --a------ C:\Windows\system32\drivers\VRFWNTD6.SYS <Not Verified; Hauri Corporation; NDIS Hooking Driver for Windows Vista> 2008-08-05 11:30:37 0 d-------- C:\Program Files\Hauri 2008-08-05 09:46:24 0 d-------- C:\Program Files\Trend Micro 2008-08-05 09:11:31 1024 --a------ C:\Windows\system32\pwdremover.dat 2008-08-05 09:11:07 36864 --a------ C:\Windows\system32\ssqrRLDV.dll 2008-08-05 09:11:07 36864 --a------ C:\Windows\system32\mlJBRhIy.dll 2008-08-05 09:10:25 36864 --a------ C:\Windows\system32\qoMdCVpn.dll 2008-08-05 09:10:25 36864 --a------ C:\Windows\system32\mlJYRiJy.dll 2008-07-18 23:25:14 0 d-------- C:\Program Files\phonostar 2008-07-16 08:38:14 0 d-------- C:\Program Files\MSXML 4.0 2008-07-14 19:01:44 0 d-------- C:\Users\All Users\MAGIX 2008-07-14 19:01:38 82432 --a------ 
C:\Windows\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2008-07-14 19:01:37 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2008-07-14 19:00:40 0 d-------- C:\Program Files\Common Files\MAGIX Shared 2008-07-14 19:00:11 120200 --a------ C:\Windows\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i> 2008-07-14 19:00:11 0 d-------- C:\Program Files\MAGIX 2008-07-14 18:59:35 667648 --a------ C:\Windows\system32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk> 2008-07-14 18:59:35 0 d-------- C:\Windows\system32\MAGIX 2008-07-14 01:13:40 0 d-------- C:\Program Files\CDex_150 -- Find3M Report --------------------------------------------------------------- 2008-08-06 07:48:18 0 d-------- C:\Users\Tamara\AppData\Roaming\DNA 2008-08-06 06:45:02 618430 --a------ C:\Windows\system32\perfh007.dat 2008-08-06 06:45:02 122648 --a------ C:\Windows\system32\perfc007.dat 2008-08-05 23:59:12 12 --a------ C:\Windows\bthservsdp.dat 2008-08-05 11:31:41 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-08-05 11:30:35 0 d-------- C:\Program Files\Common Files\InstallShield 2008-08-05 09:10:10 0 d-------- C:\Users\Tamara\AppData\Roaming\WinRAR 2008-08-05 09:06:43 0 d-------- C:\Users\Tamara\AppData\Roaming\BitTorrent 2008-07-23 09:25:45 0 d-------- C:\Program Files\Java 2008-07-19 11:59:15 0 d-------- C:\Users\Tamara\AppData\Roaming\phonostar-Player 2008-07-18 21:38:44 0 d-------- C:\Users\Tamara\AppData\Roaming\ICQ 2008-07-14 19:00:40 0 d-------- C:\Program Files\Common Files 2008-07-14 16:55:07 1337721 --a------ C:\Users\Tamara\AppData\Roaming\NMM-MetaData.db 2008-07-11 15:50:40 0 d-------- C:\Program Files\PeerGuardian2 2008-07-10 13:15:05 0 d-------- C:\Program Files\Windows Mail 2008-07-05 03:32:28 174 --ahs---- C:\Program Files\desktop.ini 2008-07-05 03:21:06 0 d-------- C:\Program Files\Windows Sidebar 2008-07-05 03:21:06 0 d-------- C:\Program 
Files\Windows Calendar 2008-07-05 03:21:06 0 d-------- C:\Program Files\Movie Maker 2008-07-05 03:21:00 0 d-------- C:\Program Files\Windows Collaboration 2008-07-05 03:20:59 0 d-------- C:\Program Files\Windows Journal 2008-07-05 03:20:58 0 d-------- C:\Program Files\Windows Photo Gallery 2008-07-05 03:20:47 0 d-------- C:\Program Files\Windows Defender 2008-07-04 10:14:12 22016 --a------ C:\Windows\system32\prospeed_bmp2jpg.dll 2008-06-17 00:43:52 0 d-------- C:\Users\Tamara\AppData\Roaming\Winamp 2008-06-14 20:08:46 0 d-------- C:\Program Files\Winamp 2008-06-14 13:04:36 0 d-------- C:\Users\Tamara\AppData\Roaming\Skype 2008-06-14 12:27:44 0 d-------- C:\Users\Tamara\AppData\Roaming\skypePM [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC45E3FE-C16D-4F24-9238-D1B49AD74815}] 15.05.2007 14:17 135168 --------- C:\Program Files\Hauri\ViRobot Desktop 5.5\Service\hWebMan.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19.01.2008 09:38] "LG Intelligent Update"="C:\Program Files\lg_swupdate\giljabistart.exe" [18.03.2008 00:50] "MGSysCtrl"="C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe" [21.11.2007 14:33] "RtHDVCpl"="RtHDVCpl.exe" [17.12.2007 12:02 C:\Windows\RtHDVCpl.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22.11.2006 22:20] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [18.07.2008 11:28] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24.08.2007 07:00] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 13:35] "Skytel"="Skytel.exe" [20.11.2007 19:15 C:\Windows\SkyTel.exe] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [28.11.2006 15:12] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" 
[29.03.2008 00:37] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01.04.2008 20:49] "MSServer"="C:\Windows\system32\qoMdCVpn.dll" [05.08.2008 09:10] "Vrmon"="C:\Program Files\Hauri\Common\Base\VRMONNT.EXE" [07.11.2007 16:00] "HEProtect"="C:\Program Files\Hauri\ViRobot Desktop 5.5\AntiSpam\HSockPE.exe" [01.07.2008 15:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19.01.2008 09:33] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [26.02.2008 03:23] "BitTorrent DNA"="C:\Users\Tamara\Program Files\DNA\btdna.exe" [11.05.2008 09:09] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19.01.2008 09:33] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [01.04.2008 12:40] "PhonostarAgent"="C:\Program Files\phonostar\ps_agent.exe" [14.07.2008 15:15] "PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [14.07.2008 15:18] "MSServer"="C:\Users\Tamara\AppData\Local\Temp\khfCsqqp.dll,#1" [] "cmds"="C:\Users\Tamara\AppData\Local\Temp\geBrSLFu.dll,c" [] "BM1324dd6e"="C:\Users\Tamara\AppData\Local\Temp\ujelmwtl.dll,s" [] "1017eef2"="C:\Users\Tamara\AppData\Local\Temp\ipuymrdq.dll,b" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ePrompter.lnk - C:\Program Files\ePrompter\ePrompter.exe [02.12.2004 18:02:46] OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24.08.2007 04:45:42] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "EnableUIADesktopToggle"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BB81FE02-F70B-46C2-82C3-DE5C6652E677}"= 
C:\Windows\system32\qoMdCVpn.dll [05.08.2008 09:10 36864] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc 
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c287504-dc99-11dc-ba4a-806e6f6e6963}] AutoRun\command- E:\PhotoViewer.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI |
06.08.2008, 07:27 | #3 |
| TR/Crypt.Morphine.GenC and this as well...
__________________Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0 Architecture: X86; Language: German CPU 0: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz Percentage of Memory in Use: 51% Physical Memory (total/avail): 2046.64 MiB / 984.6 MiB Pagefile Memory (total/avail): 4336.56 MiB / 3087.83 MiB Virtual Memory (total/avail): 2047.88 MiB / 1898.16 MiB C: is Fixed (NTFS) - 119 GiB total, 50.33 GiB free. D: is Fixed (NTFS) - 29.05 GiB total, 16.95 GiB free. E: is CDROM (CDFS) G: is Removable (No Media) \\.\PHYSICALDRIVE0 - FUJITSU MHY2160BH ATA Device - 149.05 GiB - 3 partitions \PARTITION0 - Unknown - 1024 MiB \PARTITION1 (bootable) - Installierbares Dateisystem - 119 GiB - C: \PARTITION2 - Installierbares Dateisystem - 29.05 GiB - D: \\.\PHYSICALDRIVE1 - Brother DCP-130C USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. 
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH) AV: HAURI AntiVirus ViRobot vVersion 5 (HAURI) AS: Avira AntiVir PersonalEdition v 7.0.3.158 (Avira GmbH) AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Tamara\AppData\Roaming CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=TAMARA-PC ComSpec=C:\Windows\system32\cmd.exe configsetroot=C:\Windows\ConfigSetRoot FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Tamara LOCALAPPDATA=C:\Users\Tamara\AppData\Local LOGONSERVER=\\TAMARA-PC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Tamara\AppData\Local\Temp TMP=C:\Users\Tamara\AppData\Local\Temp USERDOMAIN=Tamara-PC USERNAME=Tamara USERPROFILE=C:\Users\Tamara windir=C:\Windows -- User Profiles --------------------------------------------------------------- Tamara -- Add/Remove Programs 
--------------------------------------------------------- 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite 
Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems HDA Modem --> agrsmdel
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x7 -removeonly
Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Catalyst Control Center - Branding --> MsiExec.exe /I{15374719-86D9-4244-9426-B17398EEA833}
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
DNA --> "C:\Users\Tamara\Program Files\DNA\btdna.exe" /UNINSTALL
ePrompter --> C:\Program Files\ePrompter\Uninstall.exe
EzManual --> "C:\Program Files\EzManual\UnInstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LG Intelligent Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81717D01-32F6-449C-85E1-41AFD678E545}\SETUP.EXE"
LG Smart Cam --> C:\Program Files\InstallShield Installation Information\{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}\setup.exe -runfromtemp -l0x0007 -removeonly
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MAGIX Ringtone Maker 2007 silver 3.1.0.3 (D) --> C:\Program Files\MAGIX\Ringtone_Maker_2007_silver\instslct.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mp3 RightName 1.28 --> C:\Users\Tamara\Documents\Downloads\mp3RightName\unins000.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nokia Connectivity Cable Driver --> RUNDLL32.EXE nsesetup.dll,DoNTUninst
Nokia PC Suite --> MsiExec.exe /I{02091327-B124-4216-9D71-58C0E24F5392}
O2Micro Flash Memory Card Reader Driver Installer(x86) --> MsiExec.exe /X{78764173-3805-4916-B3CE-B433702B8870}
OViSS - Mikro --> C:\Windows\system32\javaws.exe -uninstall -prompt "http://groups.uni-paderborn.de/reiss/OViSS/oStart/Mikro.jnlp"
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
phonostar-Player Version 2.01.4 --> "C:\Program Files\phonostar\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Control Manager --> C:\Program Files\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
ViRobot Desktop 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08CC6CEF-3AF6-400C-BCF2-E7AB5E0AB649}\Setup.exe" -l0x9
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
-- Application Event Log -------------------------------------------------------

Event Record #/Type8378 / Error
Event Submitted/Written: 08/06/2008 07:44:36 AM
Event ID/Source: 1002 / Application Hang
Event Description: Programm explorer.exe, Version 6.0.6001.18000 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 107c Anfangszeit: 01c8f786f3607b60 Zeitpunkt der Beendigung: 46

Event Record #/Type8376 / Warning
Event Submitted/Written: 08/06/2008 07:43:56 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description: TR/Crypt.Morphine.GenC:\Users\Tamara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UFRIGYE\8579[1].dll

Event Record #/Type8375 / Warning
Event Submitted/Written: 08/06/2008 07:41:52 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description: TR/Crypt.Morphine.GenC:\Users\Tamara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UFRIGYE\8579[1].dll

Event Record #/Type8374 / Warning
Event Submitted/Written: 08/06/2008 07:41:37 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description: TR/Crypt.Morphine.GenC:\Users\Tamara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UFRIGYE\8579[1].dll

Event Record #/Type8373 / Error
Event Submitted/Written: 08/06/2008 07:40:36 AM
Event ID/Source: 1002 / Application Hang
Event Description: Programm Explorer.EXE, Version 6.0.6001.18000 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 710 Anfangszeit: 01c8f77e2f59de45 Zeitpunkt der Beendigung: 250

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type55485 / Warning
Event Submitted/Written: 08/06/2008 07:49:36 AM
Event ID/Source: 3004 / WinDefend
Event Description: Vom %Tamara-PC27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Tamara-PC27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Tamara-PC275 Scan-ID: {A847AC8C-BBE4-48E2-A1D6-C5E5E66BB37D} Benutzer: Tamara-PC\Tamara Name: %Tamara-PC271 ID: %Tamara-PC272 Schweregrad-ID: %Tamara-PC273 Kategorie-ID: %Tamara-PC274 Gefundener Pfad: %Tamara-PC276 Warnungsart: %Tamara-PC278 Feststellungstyp: 1.1.1600.02

Event Record #/Type55484 / Warning
Event Submitted/Written: 08/06/2008 07:49:36 AM
Event ID/Source: 3004 / WinDefend
Event Description: Vom %Tamara-PC27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Tamara-PC27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Tamara-PC275 Scan-ID: {C403D3BE-B4CC-4D70-AFBE-AB01CB50BC5A} Benutzer: Tamara-PC\Tamara Name: %Tamara-PC271 ID: %Tamara-PC272 Schweregrad-ID: %Tamara-PC273 Kategorie-ID: %Tamara-PC274 Gefundener Pfad: %Tamara-PC276 Warnungsart: %Tamara-PC278 Feststellungstyp: 1.1.1600.02

Event Record #/Type55483 / Warning
Event Submitted/Written: 08/06/2008 07:49:36 AM
Event ID/Source: 3004 / WinDefend
Event Description: Vom %Tamara-PC27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Tamara-PC27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Tamara-PC275 Scan-ID: {FB3DE563-4AE4-4DA2-9E6E-3EAE302767B0} Benutzer: Tamara-PC\Tamara Name: %Tamara-PC271 ID: %Tamara-PC272 Schweregrad-ID: %Tamara-PC273 Kategorie-ID: %Tamara-PC274 Gefundener Pfad: %Tamara-PC276 Warnungsart: %Tamara-PC278 Feststellungstyp: 1.1.1600.02

Event Record #/Type55482 / Warning
Event Submitted/Written: 08/06/2008 07:49:36 AM
Event ID/Source: 3004 / WinDefend
Event Description: Vom %Tamara-PC27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Tamara-PC27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Tamara-PC275 Scan-ID: {B2F2A2A3-33BA-4D15-8833-C0DE458C33B4} Benutzer: Tamara-PC\Tamara Name: %Tamara-PC271 ID: %Tamara-PC272 Schweregrad-ID: %Tamara-PC273 Kategorie-ID: %Tamara-PC274 Gefundener Pfad: %Tamara-PC276 Warnungsart: %Tamara-PC278 Feststellungstyp: 1.1.1600.02

Event Record #/Type55475 / Warning
Event Submitted/Written: 08/06/2008 07:44:24 AM
Event ID/Source: 3004 / WinDefend
Event Description: Vom %Tamara-PC27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Tamara-PC27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Tamara-PC275 Scan-ID: {F3DC2405-1D7C-4636-B280-41764F6DE15E} Benutzer: Tamara-PC\Tamara Name: %Tamara-PC271 ID: %Tamara-PC272 Schweregrad-ID: %Tamara-PC273 Kategorie-ID: %Tamara-PC274 Gefundener Pfad: %Tamara-PC276 Warnungsart: %Tamara-PC278 Feststellungstyp: 1.1.1600.02

-- End of Deckard's System Scanner: finished at 2008-08-06 07:52:06 ------------ |