|
Pests of all kinds and how to fight them: Virus via ICQ: Gen:Trojan.Heur.cGW@tvCZhAn Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
06.06.2010, 14:39 | #1 |
| Virus via ICQ: Gen:Trojan.Heur.cGW@tvCZhAn Hello, I'm new here; I searched but haven't found the right thing yet. First of all, I have Windows Vista and use Avira AntiVir Personal as my antivirus program; the scan I spontaneously started with it, however, found nothing. So, a friend wanted to send me a picture and then a link came, which I unfortunately clicked because I was expecting a very similar link (imageshack). It is an image file (I think) that was sitting in my Downloads folder and has already crippled my Windows Explorer, meaning I can no longer access any folder and the Start menu is empty. The file is called PIC0737830249202010.JPG.scr The site hxxp://virusscan.jotti.org returned the following result: Gen:Trojan.Heur.cGW@tvCZhAn I'm completely at a loss now; something like this has never happened to me, because I'm actually very careful. What can I do now? Kind regards, Amanda Edit: I just read the thread a bit further down on a similar topic. I can't install Malwarebytes Anti-Malware 1.46 because supposedly not enough system resources are available... Edited by amanda_the_3 (06.06.2010 at 14:55) |
06.06.2010, 15:04 | #2 |
| I'm running an OTL scan now.
__________________ Result: Edited by amanda_the_3 (06.06.2010 at 15:09) |
06.06.2010, 15:09 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OTL doesn't take long. Roughly 5 minutes.
__________________ |
06.06.2010, 15:11 | #4 |
| Please give me further instructions. Kind regards, amanda |
06.06.2010, 15:15 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The log is incomplete!! Please pack both logfiles into a ZIP file and attach it here.
__________________ Please always post logfiles in CODE tags |
06.06.2010, 15:18 | #6 |
| I got the thing as a txt file that simply opened, and I have no idea how to get it into a zip file... Where do I get the second logfile from? |
06.06.2010, 15:24 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The OTL.txt and Extras.txt are needed; you should find them directly on C:. Select both files => right-click => Send to Compressed (zipped) folder. Then attach the resulting ZIP file to your next post.
|
06.06.2010, 15:28 | #8 |
| I can no longer access C:... |
06.06.2010, 15:37 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then click Start > Run and type: notepad C:\OTL.txt The OTL log should at least open again. Then select the entire text with CTRL+A and post the complete log!
|
06.06.2010, 15:43 | #10 |
| Attachment 7055 Attachment 7056 So, the zip file unfortunately doesn't work; I hope the txt files are enough. Nothing at all is working today... |
06.06.2010, 15:52 | #11 |
| Once more, like this: OTL logfile: Code:
ATTFilter OTL logfile created on: 06.06.2010 15:59:47 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Amanda\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 6,00 Gb Paging File | 3,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 222,88 Gb Total Space | 106,63 Gb Free Space | 47,84% Space Free | Partition Type: NTFS Drive D: | 7,90 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1021,00 Mb Total Space | 1016,38 Mb Free Space | 99,55% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AMANDA-PC Current User Name: Amanda Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Amanda\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.) PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\Amanda\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (0095201239898690mcinstcleanup) McAfee Application Installer Cleanup (0095201239898690) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll 
(Bioscrypt Inc.) SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.) SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys () DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (SbAlg) -- C:\Windows\System32\drivers\SbAlg.sys (SafeBoot N.V.) 
DRV - (SbFsLock) -- C:\Windows\System32\drivers\SbFsLock.sys (SafeBoot International) DRV - (RsvLock) -- C:\Windows\System32\drivers\rsvlock.sys (SafeBoot International) DRV - (SafeBoot) -- C:\Windows\System32\drivers\SafeBoot.sys () DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex) DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) 
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.yahoo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.12 11:30:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.22 
18:46:32 | 000,000,000 | ---D | M] [2009.04.16 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\mozilla\Extensions [2010.05.28 10:55:53 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions [2010.05.28 10:55:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.05.28 10:55:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.06.03 16:04:27 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-1.xml [2010.04.05 20:59:21 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-2.xml [2010.04.12 11:31:53 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-3.xml [2010.05.05 21:24:12 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-4.xml [2010.03.17 12:45:01 | 000,000,955 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin.xml [2009.12.06 16:41:27 | 000,001,996 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\suche-in-wikipedia.xml [2010.04.22 18:46:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.14 16:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll [2010.04.12 11:30:15 | 000,001,392 | ---- | M] () -- 
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.12 11:30:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.12 11:30:15 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.12 11:30:15 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.12 11:30:15 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found. O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - 
C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell - "" = AutoRun O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\setup\command - "" = G:\setup.exe -- File not found O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell - "" = AutoRun O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* 
========== Files/Folders - Created Within 30 Days ==========

[2010.06.06 15:58:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010.06.06 15:51:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.06 15:47:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.06.06 15:47:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010.05.26 11:50:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\Meerschweinchen
[2010.05.26 09:08:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.05.25 10:08:19 | 000,000,000 | ---D | C] -- C:\ed489c9c21f4f0ce592776a9e7cc
[2010.05.23 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2009.04.16 15:01:53 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.04.16 15:01:52 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010.06.06 15:59:57 | 002,883,584 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT
[2010.06.06 15:58:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010.06.06 14:12:19 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.06 14:12:19 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.06 06:53:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.06.01 18:51:03 | 000,000,680 | ---- | M] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2010.05.31 18:55:26 | 000,000,054 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2010.05.31 18:55:26 | 000,000,039 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2010.05.31 18:55:17 | 000,000,474 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.28 10:44:59 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.05.28 10:44:15 | 2947,432,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.28 09:42:10 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.05.28 09:41:58 | 000,524,288 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.05.28 09:41:58 | 000,065,536 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.05.28 09:41:39 | 002,377,639 | -H-- | M] () -- C:\Users\Amanda\AppData\Local\IconCache.db
[2010.05.27 17:45:37 | 000,000,326 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAmanda.job
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010.02.24 20:50:40 | 000,047,104 | ---- | C] () -- C:\windows\System32\KMVIDC32.DLL
[2009.11.05 14:21:07 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009.10.22 12:38:44 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009.06.03 13:21:33 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2009.04.16 15:01:53 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.04.16 15:01:53 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.04.16 15:01:53 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009.02.28 01:18:28 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll
[2008.07.23 15:38:17 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.07.23 15:38:17 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.07.23 15:38:17 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.07.23 15:38:17 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.07.23 15:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.30 18:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.21 11:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 06.06.2010 16:21:55 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Amanda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 106,63 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 7,90 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 1016,38 Mb Free Space | 99,55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMANDA-PC
Current User Name: Amanda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB5ED61-1530-4297-86A0-6843A3E540AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BFA1A1D-B0C6-4DEB-9A7F-9ED32242634F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{207E302F-76FF-4BFC-977A-DE014BEF164C}" = lport=445 | protocol=6 | dir=in | app=system |
"{2668E148-6073-4985-ADE6-4FCC058F8B6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AB8C25A-E1ED-4180-8560-3390A9EEA070}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{44511208-0329-4EC5-B367-5574C3138068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{46C2894E-E496-4425-8299-65B4F3902EA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DD1C650-DB1E-425D-BE0F-0D37402B4155}" = lport=139 | protocol=6 | dir=in | app=system |
"{7A8F35FF-91BC-4D1D-BE89-085BAF77E1E6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7D4DD2A4-E582-44C4-9CC8-6965372D9663}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8336126B-7940-4317-A05D-31825DEBB22A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{93688B8B-0D98-4E67-AB1B-61CFEB1D67AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{9C93ABF5-5D8B-43A1-BED9-4C6F9D773B4D}" = lport=138 | protocol=17 | dir=in | app=system |
"{A87B9D60-E027-4D08-BA9F-22986310D585}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF85BCEA-6DDB-4EFB-9692-5FA15CBD0482}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C0C05712-0820-4AEF-B4B2-2D4AD2222DD1}" = lport=137 | protocol=17 | dir=in | app=system |
"{D65C45C0-F1E1-416A-BFF2-BD4005C0B880}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DC92C7FF-09B3-4D48-BF1B-DD1AD8883079}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB68D4CF-FC6D-43EE-AE2E-8296405BCD42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC07229E-0D24-40DA-AF20-F8F09840FE3D}" = rport=138 | protocol=17 | dir=out | app=system |
"{F5450EB1-C1E1-442D-B047-A4F3094E2A57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019BCCEE-B0A6-43A6-A8C4-5266C3A30193}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B0F32B9-566F-4B00-BF0A-1E8F040EDD8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1AD35ED0-A4B0-4B03-A914-2724B25DF6C5}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{1BD696C1-FA30-4314-B631-D5EDCFB08477}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22B84974-1EBE-47BF-89A0-BCEE41F4EE2B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3959E5C4-93D5-4FE1-806F-3AAE73A1CD55}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{47515DC5-40E3-4C75-979B-4DD18926717B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{62ED8F0B-D4BB-47C9-96F9-B60F70930ABB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{63B08FCB-497E-43AD-A734-69F2491F1E71}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{73A82066-F7E7-4F77-9903-8834AE14ACF5}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{80D9562D-E161-45A8-835B-E546DECCB1A4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{90CA9CB9-F0C9-4BD2-8F55-FB8DB136B208}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FC76D00-3F99-45CE-BFEB-957F4D60E00C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6AF44FA-74F3-4C4B-B044-E2E0AD036954}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3366F78-2071-4CE2-9166-03467CF9BE8B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0992A499-F3CA-48CF-AF74-77D92526F9E6}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe |
"TCP Query User{414F725F-A982-409E-803D-910EBBBD6180}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{48A4F89D-3B74-4320-9075-E75C7579EEBD}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe |
"TCP Query User{4EA86154-E6B7-45DC-BA5A-31C2A24CDB9E}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe |
"TCP Query User{626DF298-EB9D-4DCD-A0F2-8EBECD006AF0}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe |
"TCP Query User{839A5E70-D6C6-45A8-8A16-76EF80718DC8}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{9AA8787F-AB68-4FD4-80B4-32F1A5CCDDBC}C:\program files\surfmusik 3.1\surfmusik.exe" = protocol=6 | dir=in | app=c:\program files\surfmusik 3.1\surfmusik.exe |
"TCP Query User{B420E171-A468-4E71-8DCC-60A891A3DFBD}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{F853BB57-F280-4F8E-BEDB-00BA08C78031}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{07EA5787-E37F-4D4C-9DAF-C2386CB719F3}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{21DB01A9-5043-4CED-AC45-B05C401081B4}C:\program files\surfmusik 3.1\surfmusik.exe" = protocol=17 | dir=in | app=c:\program files\surfmusik 3.1\surfmusik.exe |
"UDP Query User{231C54D6-EB00-4134-B7C7-4E9DFF7C85CD}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{5FC8C5CE-4929-4D51-A40E-12137EBD82D1}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe |
"UDP Query User{7A8290F5-50A2-4770-96C5-32B021DFD0C7}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe |
"UDP Query User{A0BC9741-788E-4617-828A-EFD9A616A582}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{A4B76C91-591A-422C-AB0D-F30FB5868A99}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{AF70D0F2-2585-423E-9356-9DC77F214FE4}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe |
"UDP Query User{FA9F8FDC-6731-49CE-A7CA-25C2D431943F}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
"{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
"{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
"{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
"{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
"{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
"{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
"{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
"{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dorgem_is1" = Dorgem 2.1.0
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Gothic II" = Gothic II
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sweet Home 3D" = Sweet Home 3D
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.06.2010 10:01:44 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 06.06.2010 10:03:42 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 06.06.2010 10:03:51 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 06.06.2010 10:03:52 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 06.06.2010 10:05:52 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 06.06.2010 10:07:51 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 06.06.2010 10:08:11 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 06.06.2010 10:08:14 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 06.06.2010 10:10:12 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 06.06.2010 10:12:12 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =

[ Credential Manager Events ]
Error - 13.06.2009 07:03:23 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: Amanda@Amanda-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 13.06.2009 07:03:23 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Amanda@Amanda-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.

Error - 28.06.2009 05:34:33 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: Amanda@Amanda-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 28.06.2009 05:34:33 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Amanda@Amanda-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.
Error - 29.06.2009 10:28:27 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Amanda@Amanda-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 29.06.2009 10:28:27 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Amanda@Amanda-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 03.07.2009 13:44:21 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Amanda@Amanda-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 03.07.2009 13:44:21 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Amanda@Amanda-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 08.07.2009 13:48:41 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. 
Benutzer: Amanda@Amanda-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 08.07.2009 13:48:41 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Amanda@Amanda-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. [ OSession Events ] Error - 23.08.2009 15:46:33 | Computer Name = Amanda-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash. ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
06.06.2010, 16:24 | #12 |
| Virus via ICQ: Gen:Trojan.Heur.cGW@tvCZhAn Arne, don't leave me hanging now... Do you think anything can still be salvaged, or should I just wipe everything right away? |
06.06.2010, 19:33 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus via ICQ: Gen:Trojan.Heur.cGW@tvCZhAn Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\setup\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
[2010.02.24 20:50:40 | 000,047,104 | ---- | C] () -- C:\windows\System32\KMVIDC32.DLL
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
07.06.2010, 20:46 | #14 |
| Virus via ICQ: Gen:Trojan.Heur.cGW@tvCZhAn
All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.5.3 log created on 06072010_181731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot... |
07.06.2010, 21:36 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus via ICQ: Gen:Trojan.Heur.cGW@tvCZhAn Does Malwarebytes work now? If not, how about with this method? => http://www.trojaner-board.de/82699-m...tet-nicht.html
__________________ Please always post log files in CODE tags |