Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.06.2010, 14:39   #1
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Ausrufezeichen

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Hallo,

ich bin neu, hab gesucht, aber noch nicht das richtige gefunden:

Erstmal, ich habe WindowsVista und benutze Avira AntiVir Personal als Antivirenprogramm, die spontan eingeleitete Suchaktion von diesem Programm war allerdings ohne Erfolg.

Also, eine Freundin wollte mir ein Bild schicken und dann kam ein Link, den ich leider angeklickt habe, weil ich einen sehr ähnlichen Link (imageshack) erwartet habe.

Es ist eine Bilddatei (glaube ich), die in meinem Downloads-Ordner steckte und bereits meinen Windows-Explorer lahmgelegt hat, das heißt, ich kann auf keinen Ordner mehr zugreifen, das Startmenü ist leer.
Die Datei heißt PIC0737830249202010.JPG.scr

Die Seite hxxp://virusscan.jotti.org hat folgendes Ergebnis geliefert: Gen:Trojan.Heur.cGW@tvCZhAn

Ich bin jetzt vollkommen planlos, sowas ist mir noch nie passiert, weil ich eigentlich sehr vorsichtig bin.

Was kann ich jetzt machen?

Liebe Grüße
Amanda

Edit: Habe eben mal den Thread etwas weiter undten zu einem ähnlichen Thema gelesen. Ich kann Malwarebytes Anti-Malware 1.46 nicht installieren, weil angeblich nicht genug System-Ressourcen zur Verfügung stehen...

Geändert von amanda_the_3 (06.06.2010 um 14:55 Uhr)

Alt 06.06.2010, 15:04   #2
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Mache jetzt einen OTL scan.

Ergebnis:

OTL logfile created on: 06.06.2010 15:59:47 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Amanda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 106,63 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 7,90 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 1016,38 Mb Free Space | 99,55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMANDA-PC
Current User Name: Amanda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Amanda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (SafeList) ==========

MOD - C:\Users\Amanda\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (0095201239898690mcinstcleanup) McAfee Application Installer Cleanup (0095201239898690) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
__________________


Geändert von amanda_the_3 (06.06.2010 um 15:09 Uhr)

Alt 06.06.2010, 15:09   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



OTL dauert nicht lange. Grob geschätzt 5 Minuten.
__________________
__________________

Alt 06.06.2010, 15:11   #4
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Bitte um weitere Anweisung.

LG amanda

Alt 06.06.2010, 15:15   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Das Log ist unvollständig!!
Bitte pack beide Logfiles in eine ZIP-Datei und häng es hier an.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.06.2010, 15:18   #6
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Ich habe das Teil als eine Txt-Datei bekommen, die sich einfach geöffnet hat, und habe keine ahnung, wie ich das in eine zip-Datei rein bekomme...
Wo bekomme ich denn den zweiten logfile her?

Alt 06.06.2010, 15:24   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Die OTL.txt und Extras.txt werden benötigt, die solltest Du direkt auf C: finden.
Beide Dateien markieren => Rechtsklick => Senden an ZIP komprimierter Ordner
Die dann erstellte ZIP-Datei dem nächsten Beitrag anhängen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.06.2010, 15:28   #8
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Ich kann auf C: nicht mehr zugreifen...

Alt 06.06.2010, 15:37   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Dann klick auf Start > Ausführen und tipp ein: notepad C:\OTL.txt
DasOTL-Log müsste sich zumindest wider öffnen. Markier dann mit STRG+A den gesamten Text und poste das Log komplett!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.06.2010, 15:43   #10
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Anhang 7055

Anhang 7056

so, die zip-datei geht leider nicht, ich hoffe, es reichen die txt datein

Es klappt heute wirklich gar nichts...

Alt 06.06.2010, 15:52   #11
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Nochmal so:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.06.2010 15:59:47 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Amanda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 106,63 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 7,90 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 1016,38 Mb Free Space | 99,55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMANDA-PC
Current User Name: Amanda
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Amanda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Amanda\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (0095201239898690mcinstcleanup) McAfee Application Installer Cleanup (0095201239898690) --  File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (SbAlg) -- C:\Windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\Windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\Windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\Windows\System32\drivers\SafeBoot.sys ()
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.12 11:30:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.22 18:46:32 | 000,000,000 | ---D | M]
 
[2009.04.16 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\mozilla\Extensions
[2010.05.28 10:55:53 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions
[2010.05.28 10:55:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.05.28 10:55:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.03 16:04:27 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-1.xml
[2010.04.05 20:59:21 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-2.xml
[2010.04.12 11:31:53 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-3.xml
[2010.05.05 21:24:12 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-4.xml
[2010.03.17 12:45:01 | 000,000,955 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin.xml
[2009.12.06 16:41:27 | 000,001,996 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\suche-in-wikipedia.xml
[2010.04.22 18:46:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.14 16:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.04.12 11:30:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.12 11:30:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.12 11:30:15 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.12 11:30:15 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.12 11:30:15 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\setup\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.06 15:58:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010.06.06 15:51:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.06 15:47:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.06.06 15:47:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010.05.26 11:50:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\Meerschweinchen
[2010.05.26 09:08:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.05.25 10:08:19 | 000,000,000 | ---D | C] -- C:\ed489c9c21f4f0ce592776a9e7cc
[2010.05.23 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2009.04.16 15:01:53 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.04.16 15:01:52 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.06 15:59:57 | 002,883,584 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT
[2010.06.06 15:58:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010.06.06 14:12:19 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.06 14:12:19 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.06 06:53:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.06.01 18:51:03 | 000,000,680 | ---- | M] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2010.05.31 18:55:26 | 000,000,054 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2010.05.31 18:55:26 | 000,000,039 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2010.05.31 18:55:17 | 000,000,474 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.28 10:44:59 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.05.28 10:44:15 | 2947,432,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.28 09:42:10 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.05.28 09:41:58 | 000,524,288 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.05.28 09:41:58 | 000,065,536 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.05.28 09:41:39 | 002,377,639 | -H-- | M] () -- C:\Users\Amanda\AppData\Local\IconCache.db
[2010.05.27 17:45:37 | 000,000,326 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAmanda.job
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2010.02.24 20:50:40 | 000,047,104 | ---- | C] () -- C:\windows\System32\KMVIDC32.DLL
[2009.11.05 14:21:07 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009.10.22 12:38:44 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009.06.03 13:21:33 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2009.04.16 15:01:53 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.04.16 15:01:53 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.04.16 15:01:53 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009.02.28 01:18:28 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll
[2008.07.23 15:38:17 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.07.23 15:38:17 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.07.23 15:38:17 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.07.23 15:38:17 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.07.23 15:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.30 18:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.21 11:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
< End of report >
         
--- --- ---















OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.06.2010 16:21:55 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Amanda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 106,63 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 7,90 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 1016,38 Mb Free Space | 99,55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMANDA-PC
Current User Name: Amanda
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB5ED61-1530-4297-86A0-6843A3E540AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1BFA1A1D-B0C6-4DEB-9A7F-9ED32242634F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{207E302F-76FF-4BFC-977A-DE014BEF164C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2668E148-6073-4985-ADE6-4FCC058F8B6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2AB8C25A-E1ED-4180-8560-3390A9EEA070}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{44511208-0329-4EC5-B367-5574C3138068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{46C2894E-E496-4425-8299-65B4F3902EA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6DD1C650-DB1E-425D-BE0F-0D37402B4155}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7A8F35FF-91BC-4D1D-BE89-085BAF77E1E6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7D4DD2A4-E582-44C4-9CC8-6965372D9663}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8336126B-7940-4317-A05D-31825DEBB22A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{93688B8B-0D98-4E67-AB1B-61CFEB1D67AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9C93ABF5-5D8B-43A1-BED9-4C6F9D773B4D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A87B9D60-E027-4D08-BA9F-22986310D585}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BF85BCEA-6DDB-4EFB-9692-5FA15CBD0482}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C0C05712-0820-4AEF-B4B2-2D4AD2222DD1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D65C45C0-F1E1-416A-BFF2-BD4005C0B880}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DC92C7FF-09B3-4D48-BF1B-DD1AD8883079}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EB68D4CF-FC6D-43EE-AE2E-8296405BCD42}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EC07229E-0D24-40DA-AF20-F8F09840FE3D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F5450EB1-C1E1-442D-B047-A4F3094E2A57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019BCCEE-B0A6-43A6-A8C4-5266C3A30193}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0B0F32B9-566F-4B00-BF0A-1E8F040EDD8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1AD35ED0-A4B0-4B03-A914-2724B25DF6C5}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{1BD696C1-FA30-4314-B631-D5EDCFB08477}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{22B84974-1EBE-47BF-89A0-BCEE41F4EE2B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{3959E5C4-93D5-4FE1-806F-3AAE73A1CD55}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{47515DC5-40E3-4C75-979B-4DD18926717B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{62ED8F0B-D4BB-47C9-96F9-B60F70930ABB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{63B08FCB-497E-43AD-A734-69F2491F1E71}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{73A82066-F7E7-4F77-9903-8834AE14ACF5}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{80D9562D-E161-45A8-835B-E546DECCB1A4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{90CA9CB9-F0C9-4BD2-8F55-FB8DB136B208}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FC76D00-3F99-45CE-BFEB-957F4D60E00C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D6AF44FA-74F3-4C4B-B044-E2E0AD036954}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E3366F78-2071-4CE2-9166-03467CF9BE8B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{0992A499-F3CA-48CF-AF74-77D92526F9E6}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe | 
"TCP Query User{414F725F-A982-409E-803D-910EBBBD6180}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{48A4F89D-3B74-4320-9075-E75C7579EEBD}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe | 
"TCP Query User{4EA86154-E6B7-45DC-BA5A-31C2A24CDB9E}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe | 
"TCP Query User{626DF298-EB9D-4DCD-A0F2-8EBECD006AF0}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe | 
"TCP Query User{839A5E70-D6C6-45A8-8A16-76EF80718DC8}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{9AA8787F-AB68-4FD4-80B4-32F1A5CCDDBC}C:\program files\surfmusik 3.1\surfmusik.exe" = protocol=6 | dir=in | app=c:\program files\surfmusik 3.1\surfmusik.exe | 
"TCP Query User{B420E171-A468-4E71-8DCC-60A891A3DFBD}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{F853BB57-F280-4F8E-BEDB-00BA08C78031}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{07EA5787-E37F-4D4C-9DAF-C2386CB719F3}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{21DB01A9-5043-4CED-AC45-B05C401081B4}C:\program files\surfmusik 3.1\surfmusik.exe" = protocol=17 | dir=in | app=c:\program files\surfmusik 3.1\surfmusik.exe | 
"UDP Query User{231C54D6-EB00-4134-B7C7-4E9DFF7C85CD}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{5FC8C5CE-4929-4D51-A40E-12137EBD82D1}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe | 
"UDP Query User{7A8290F5-50A2-4770-96C5-32B021DFD0C7}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe | 
"UDP Query User{A0BC9741-788E-4617-828A-EFD9A616A582}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{A4B76C91-591A-422C-AB0D-F30FB5868A99}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{AF70D0F2-2585-423E-9356-9DC77F214FE4}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe | 
"UDP Query User{FA9F8FDC-6731-49CE-A7CA-25C2D431943F}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
"{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
"{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
"{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
"{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
"{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
"{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
"{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
"{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dorgem_is1" = Dorgem 2.1.0
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Gothic II" = Gothic II
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sweet Home 3D" = Sweet Home 3D
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2010 10:01:44 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description = 
 
Error - 06.06.2010 10:03:42 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description = 
 
Error - 06.06.2010 10:03:51 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3083
Description = 
 
Error - 06.06.2010 10:03:52 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description = 
 
Error - 06.06.2010 10:05:52 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description = 
 
Error - 06.06.2010 10:07:51 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description = 
 
Error - 06.06.2010 10:08:11 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3083
Description = 
 
Error - 06.06.2010 10:08:14 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description = 
 
Error - 06.06.2010 10:10:12 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description = 
 
Error - 06.06.2010 10:12:12 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description = 
 
[ Credential Manager Events ]
Error - 13.06.2009 07:03:23 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Amanda@Amanda-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 13.06.2009 07:03:23 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 28.06.2009 05:34:33 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Amanda@Amanda-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 28.06.2009 05:34:33 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 29.06.2009 10:28:27 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Amanda@Amanda-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 29.06.2009 10:28:27 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 03.07.2009 13:44:21 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 03.07.2009 13:44:21 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Amanda@Amanda-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 08.07.2009 13:48:41 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Amanda@Amanda-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 08.07.2009 13:48:41 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ OSession Events ]
Error - 23.08.2009 15:46:33 | Computer Name = Amanda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Alt 06.06.2010, 16:24   #12
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Arne, lass mich jetzt nicht im Stich...

Meinst du, man kann da noch was retten oder sollte ich lieber direkt alles platt machen?

Alt 06.06.2010, 19:33   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\setup\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
[2010.02.24 20:50:40 | 000,047,104 | ---- | C] () -- C:\windows\System32\KMVIDC32.DLL
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.06.2010, 20:46   #14
amanda_the_3
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.5.3 log created on 06072010_181731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 07.06.2010, 21:36   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus über icq:  Gen:Trojan.Heur.cGW@tvCZhAn - Standard

Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn



Funktioniert Malwarebytes jetzt?
Wenn nicht mit dieser Methode? => http://www.trojaner-board.de/82699-m...tet-nicht.html
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn
antivir, antivirenprogramm, avira, avira antivir, bereits, bild, bilddatei, ergebnis, folge, folgendes, freundin, geliefert, gen, gesuch, gesucht, icq, link, neu, personal, programm, schicken, seite, tan, troja, virus, windows-explorer, windowsvista, zugreifen




Ähnliche Themen: Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn


  1. Zlob Trojan-Downloader & Gen:Trojan.Heur.mu!@YoPlN
    Plagegeister aller Art und deren Bekämpfung - 30.08.2014 (11)
  2. ZoneArlarm scan ergab u.a. HEUR:Trojan.Win32.Generic , Trojan.Win32.Agent.aeqtk
    Log-Analyse und Auswertung - 11.02.2014 (9)
  3. [Win XP] botnet: ntp-muliplier; desinfect: Trojan.Script.Iframer, Trojan.Heur.TP, Win.Trojan.Iniduoh, Win.Trojan.Ramnit
    Log-Analyse und Auswertung - 08.02.2014 (16)
  4. Trojan.Heur.FU & Trojan.Heur.AutoIT.1 & Banker.d Worm
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (34)
  5. Desinfizierung durch Kaspersky nicht möglich: Trojan.Win32.Bromngr.k, HEUR:Trojan.Win32.Generic, Trojan-Downloader.Win32.MultiDL.I
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (1)
  6. Windows7:Kapersky findet HEUR:Trojan.Win32.generic und Trojan.Downloader.Win32MultiDL (Arbeitspc!)
    Log-Analyse und Auswertung - 15.11.2013 (9)
  7. Gen:Trojan.Heur.LP.sz4aaqOrUbbi und Win32.Trojan.Agent.000000
    Plagegeister aller Art und deren Bekämpfung - 18.05.2013 (4)
  8. Trojan.Heur.JP.eu
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (1)
  9. Gen:Trojan.Heur...@... ...
    Log-Analyse und Auswertung - 03.09.2012 (3)
  10. Trojan.Heur - Was tun?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (5)
  11. Virus Heur: Trojan- Downloader.Script.Generic
    Mülltonne - 28.07.2011 (3)
  12. Gen: Trojan.Heur.GM.01E0000002 und Trojan.Generic.4033639 von BitDefender Internet Security 2011 gef
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (1)
  13. gen.trojan.heur!ik exploit.java.agent!ik trojan.bat.drive by!ik....
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (3)
  14. Entfernung Trojan.Heur.Vundo.cu4@d4CKyXk sowie Trojan.Tdss.153
    Plagegeister aller Art und deren Bekämpfung - 17.01.2010 (1)
  15. Trojaner "Gen:Trojan.Heur.Vundo.cy4@diPE2Jd" & "Gen:Trojan.Heur.Vundo.by4@dCgCSGe"
    Plagegeister aller Art und deren Bekämpfung - 28.12.2009 (28)
  16. Virus HEUR Trojan Script.Ifra
    Plagegeister aller Art und deren Bekämpfung - 30.09.2009 (2)
  17. Gen:Trojan.Heur. VIRUS Bitte um Hilfe/Entfernungstips, etc.
    Plagegeister aller Art und deren Bekämpfung - 22.07.2009 (1)

Zum Thema Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn - Hallo, ich bin neu, hab gesucht, aber noch nicht das richtige gefunden: Erstmal, ich habe WindowsVista und benutze Avira AntiVir Personal als Antivirenprogramm, die spontan eingeleitete Suchaktion von diesem Programm - Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn...
Archiv
Du betrachtest: Virus über icq: Gen:Trojan.Heur.cGW@tvCZhAn auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.