Pests of all kinds and how to fight them: Removing Autorun.inf
23.07.2010, 20:22 | #1 |
| Removing Autorun.inf Today I ran my antivirus program AVG and got the message that I have a detection, a trojan or a worm named Autorun.inf. I also had a USB stick connected at the same time. I reformatted the USB stick and also had the antivirus program delete the file, but I still find Autorun.inf files in C:/Swsetup. I have also read up on this infection in other forums, but it did not become entirely clear to me whether I can simply do what was recommended to others, or whether the virus affects everyone differently and can infect different parts of the laptop. Can someone please help me remove the virus? My operating system is Windows Vista Basic 32bit (I don't know whether that matters at all). Thank you very much! |
24.07.2010, 00:40 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Autorun.inf First of all, disable AutoPlay for all drives in the Control Panel.
Then plug in the affected USB stick and immunize it with FlashDisinfector => Flash Disinfector – free autorun.inf trojans removal tool | My Anti Spyware
After that, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!
Last step for now, OTL: System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________ |
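One way to triage Autorun.inf hits like the ones in this thread, as an added example (not part of any post and not code from the tools named here): Windows only processes an autorun.inf that sits in the root of a volume, so the script separates those from copies in subfolders and lists the entries that can start a program. The sample file contents, the folder name SP00000, the flag names and the junk-line threshold are constructed assumptions, and the flags are simple heuristics rather than a detection standard.

```python
import ntpath
import re

# Keys in the [autorun] section that can start a program.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\([^\\]+)\\command$")
# Folders that removable-media worms have commonly used to hide their payload.
HIDDEN_DIRS = ("recycler", "$recycle.bin", "system volume information")
JUNK_LIMIT = 5  # assumption for this example: more junk lines than this is flagged


def parse_autorun(text):
    """Return ({key: value} of the [autorun] section, number of junk lines)."""
    entries, junk, in_autorun = {}, 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif "=" in line:
            if in_autorun:
                key, value = line.split("=", 1)
                entries[key.strip().lower()] = value.strip()
        else:
            junk += 1  # neither comment, header nor key=value: padding
    return entries, junk


def at_volume_root(path):
    """True for X:\\autorun.inf, False for copies in subfolders."""
    drive, tail = ntpath.splitdrive(path.replace("/", "\\"))
    return bool(drive) and ntpath.dirname(tail) == "\\"


def triage(path, text):
    """Classify one autorun.inf by location and by what it would launch."""
    entries, junk = parse_autorun(text)
    launch, flags = {}, set()
    for key, value in entries.items():
        verb = SHELL_CMD.match(key)
        if key in LAUNCH_KEYS or verb:
            launch[key] = value
            # Redefining Open/Explore changes what a double-click on the drive does.
            if verb and verb.group(1) in ("open", "explore"):
                flags.add("verb-hijack")
            if any(d in value.lower() for d in HIDDEN_DIRS):
                flags.add("hidden-target")
    if junk > JUNK_LIMIT:
        flags.add("junk-padding")
    if not at_volume_root(path):
        verdict = "inert"        # never read by AutoRun; scan neighbouring files anyway
    elif not launch:
        verdict = "no-launch"    # only label/icon style entries
    elif flags:
        verdict = "suspicious"
    else:
        verdict = "review"       # launches something; check the target file
    return {"verdict": verdict, "launch": launch, "flags": sorted(flags)}


# Constructed sample inputs (not taken from the thread's logs).
INSTALLER_STYLE = "[autorun]\nopen=setup.exe\nicon=setup.exe\n"
WORM_STYLE = "\n".join(
    ["[AutoRun]"] + ["zq81kd02"] * 3
    + ["shell\\open\\command=RECYCLER\\sample.exe",
       "shell\\explore\\command=RECYCLER\\sample.exe"]
    + ["zq81kd02"] * 3 + ["open=RECYCLER\\sample.exe"]
)
LABEL_ONLY = "[autorun]\nlabel=Backup\nicon=drive.ico\n"

if __name__ == "__main__":
    samples = [
        ("C:/Swsetup/SP00000/autorun.inf", INSTALLER_STYLE),
        ("F:\\autorun.inf", WORM_STYLE),
        ("F:\\autorun.inf", LABEL_ONLY),
    ]
    for path, text in samples:
        print(path, triage(path, text))
```
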
24.07.2010, 10:30 | #3 | ||
| Removing Autorun.inf Quote:
Quote:
Edited by Anney (24.07.2010 at 10:39) |
25.07.2010, 11:35 | #4 |
| Removing Autorun.inf Okay, I have now simply let the Malware anti-virus run through as it is:
Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 4345
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
25.07.2010 12:01:31
mbam-log-2010-07-25 (12-01-31).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 307396
Laufzeit: 3 Stunde(n), 2 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
25.07.2010, 11:38 | #5 |
| Removing Autorun.inf From the OTL scan I received the following reports: OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.07.2010 12:21:01 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 139,05 Gb Total Space | 98,36 Gb Free Space | 70,74% Space Free | Partition Type: NTFS Drive D: | 7,91 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1020,00 Mb Total Space | 1011,29 Mb Free Space | 99,15% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-** Current User Name: Anna Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Anna\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.) PRC - C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\CNAB8SWK.EXE (CANON INC.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE (CANON INC.) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.) PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\Anna\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (myAgtSvc) -- File not found SRV - (EngineServer) -- File not found SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.) SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.) 
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.) SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\windows\System32\DRIVERS\ipinip.sys File not found DRV - (AvgTdiX) -- C:\windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.) DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International) DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International) DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys () DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) 
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.) 
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex) DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.) 
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ??????, ???? ? ??????????? IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ????????? IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = QIP: ????? ? ????????? 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ????????? IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Programme\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Playdom Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.myvideo.de/watch/7571052/Folge_13_Jorge_flippt_aus_Germanys_next_Topmodel_GNTM_GNT" FF - prefs.js..network.proxy.backup.ftp: 
"192.109.135.142" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "192.109.135.142" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "192.109.135.142" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "192.109.135.142" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "89.248.172.146" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "89.248.172.146" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "89.248.172.146" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "89.248.172.146" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "89.248.172.146" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.07.21 08:39:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.05.25 13:18:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 23:45:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.24 23:45:21 | 000,000,000 | ---D | M] [2009.05.21 08:09:38 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions [2010.07.25 11:24:28 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions [2010.04.27 19:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.27 19:40:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.04.02 14:58:32 | 000,000,000 | ---D | M] (Playdom Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8} [2010.04.05 11:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.24 16:12:16 | 000,000,917 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\conduit.xml [2010.07.20 08:59:24 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin-1.xml [2010.07.22 08:55:55 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin-2.xml [2010.07.24 23:46:15 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin-3.xml [2010.04.05 11:39:30 | 000,000,168 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin.gif [2010.04.05 11:39:30 | 000,000,618 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin.src [2010.06.26 17:38:36 | 000,000,947 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin.xml [2009.07.27 20:43:45 | 000,002,061 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\qipsearch.xml [2010.07.10 08:58:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla 
Firefox\extensions [2010.05.16 13:26:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.04.14 10:23:50 | 000,300,408 | ---- | M] (Musicnotes, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npmusicn.dll [2010.03.14 13:05:02 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 13:05:02 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.14 13:05:02 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 13:05:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 13:05:03 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - Reg Error: Value error. File not found O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Programme\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.) O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.) 
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - Reg Error: Value error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.25 09:08:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2010.07.24 11:39:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes [2010.07.24 11:38:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2010.07.24 11:38:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2010.07.24 11:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.24 11:38:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.21 11:03:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\Desktop\Anmeldung ICC [2010.07.16 21:09:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll [2010.07.15 18:22:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.07.15 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\HpUpdate [2010.07.14 18:17:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.07.13 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\dvdcss [2010.07.08 10:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon [2010.07.08 10:57:06 | 000,217,088 | ---- | C] (CANON INC.) -- C:\windows\System32\CNAP2LMK.DLL [2010.07.08 10:57:03 | 000,385,024 | ---- | C] (CANON INC.) 
-- C:\windows\System32\CNAB8EMK.DLL [2010.07.08 10:56:49 | 000,000,000 | ---D | C] -- C:\Programme\Canon [2010.06.28 15:02:58 | 000,000,000 | ---D | C] -- C:\Programme\Eusing Free Registry Cleaner [2009.01.16 19:37:36 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll [2009.01.16 19:37:35 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.25 12:23:38 | 002,359,296 | -HS- | M] () -- C:\Users\Anna\ntuser.dat [2010.07.25 12:20:19 | 000,000,416 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{4DCD1850-20F2-4073-9DE7-718395FF870A}.job [2010.07.25 12:16:33 | 000,000,000 | ---- | M] () -- C:\Users\Anna\AppData\Local\prvlcl.dat [2010.07.25 10:51:29 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.25 10:51:29 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.25 09:08:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2010.07.25 08:51:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010.07.25 00:28:30 | 002,460,521 | -H-- | M] () -- C:\Users\Anna\AppData\Local\IconCache.db [2010.07.24 23:50:51 | 062,455,073 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm [2010.07.24 23:41:56 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010.07.24 23:41:20 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys [2010.07.24 20:48:05 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TMContainer00000000000000000001.regtrans-ms [2010.07.24 20:48:05 | 000,065,536 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TM.blf [2010.07.24 11:39:05 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk 
[2010.07.24 11:18:13 | 000,132,597 | ---- | M] () -- C:\Users\Anna\Desktop\Flash_Disinfector.exe [2010.07.23 21:19:18 | 001,488,384 | ---- | M] () -- C:\Users\Anna\Desktop\Oriantation_Sprachtest_englisch.ppt [2010.07.23 13:19:48 | 001,672,942 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2010.07.23 13:19:48 | 000,718,042 | ---- | M] () -- C:\windows\System32\perfh007.dat [2010.07.23 13:19:48 | 000,658,164 | ---- | M] () -- C:\windows\System32\perfh009.dat [2010.07.23 13:19:48 | 000,167,308 | ---- | M] () -- C:\windows\System32\perfc007.dat [2010.07.23 13:19:48 | 000,133,620 | ---- | M] () -- C:\windows\System32\perfc009.dat [2010.07.21 10:48:23 | 000,098,816 | ---- | M] () -- C:\Users\Anna\Desktop\OM-Mne Finances 10.xls [2010.07.18 14:40:28 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.07.16 21:09:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys [2010.07.16 21:09:09 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll [2010.07.16 21:07:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\windows\System32\drivers\avgldx86.sys [2010.07.15 22:59:55 | 000,008,690 | ---- | M] () -- C:\Users\Anna\Desktop\fehler.odt [2010.07.14 18:17:59 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.07.14 16:22:39 | 000,279,251 | R--- | M] () -- C:\Users\Anna\Desktop\ielts_application_form.pdf [2010.07.04 18:03:44 | 000,010,292 | ---- | M] () -- C:\Users\Anna\.recently-used.xbel [2010.06.28 16:25:00 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TMContainer00000000000000000002.regtrans-ms [2010.06.28 14:25:16 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{11adf871-16e1-11de-88dc-002186d89243}.TMContainer00000000000000000001.regtrans-ms [2010.06.28 14:25:16 | 000,065,536 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{11adf871-16e1-11de-88dc-002186d89243}.TM.blf [2010.06.28 12:32:35 | 000,008,131 | ---- | M] () -- C:\Users\Anna\as.reg [2010.06.27 19:36:06 | 000,013,442 | ---- | M] () -- C:\Users\Anna\Desktop\Lieder.odt [2010.06.27 18:18:16 | 001,212,454 | ---- | M] () -- C:\Users\Anna\Desktop\Rundbrief september10.odt [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.24 11:39:05 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.24 11:13:08 | 000,132,597 | ---- | C] () -- C:\Users\Anna\Desktop\Flash_Disinfector.exe [2010.07.23 21:19:17 | 001,488,384 | ---- | C] () -- C:\Users\Anna\Desktop\Oriantation_Sprachtest_englisch.ppt [2010.07.15 22:59:51 | 000,008,690 | ---- | C] () -- C:\Users\Anna\Desktop\fehler.odt [2010.07.14 18:17:59 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.07.14 16:22:42 | 000,279,251 | R--- | C] () -- C:\Users\Anna\Desktop\ielts_application_form.pdf [2010.07.04 18:03:44 | 000,010,292 | ---- | C] () -- C:\Users\Anna\.recently-used.xbel [2010.07.02 21:06:04 | 000,098,816 | ---- | C] () -- 
C:\Users\Anna\Desktop\OM-Mne Finances 10.xls [2010.06.28 22:01:59 | 1875,763,200 | -HS- | C] () -- C:\hiberfil.sys [2010.06.28 14:29:19 | 000,524,288 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TMContainer00000000000000000002.regtrans-ms [2010.06.28 14:29:19 | 000,524,288 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TMContainer00000000000000000001.regtrans-ms [2010.06.28 14:29:19 | 000,065,536 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TM.blf [2010.06.28 12:32:35 | 000,008,131 | ---- | C] () -- C:\Users\Anna\as.reg [2009.09.12 03:47:23 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll [2009.05.21 12:20:30 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll [2009.04.09 23:01:00 | 000,000,041 | ---- | C] () -- C:\windows\SIERRA.INI [2009.03.01 10:22:06 | 000,000,103 | ---- | C] () -- C:\windows\System32\hptrace.ini [2009.03.01 10:21:26 | 000,014,683 | ---- | C] () -- C:\windows\hplj1010.ini [2009.01.16 19:37:35 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys [2009.01.16 19:37:35 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys [2009.01.16 19:37:35 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2008.07.23 15:38:17 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll [2008.07.23 15:38:17 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll [2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll [2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll [2008.07.23 15:38:17 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll [2008.07.23 15:38:17 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll [2008.07.23 15:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2008.05.30 18:36:58 | 000,108,752 | ---- | C] () -- 
C:\windows\System32\drivers\SafeBoot.sys [2008.05.21 11:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll [2007.11.15 03:24:14 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll [2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll [2003.07.14 17:10:57 | 000,094,274 | ---- | C] () -- C:\windows\System32\HPBHEALR.DLL [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll [1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll < End of report > |
25.07.2010, 11:47 | #6 |
| Removing Autorun.inf OTL logfile: Code:
ATTFilter OTL logfile created on: 25.07.2010 12:21:01 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 139,05 Gb Total Space | 98,36 Gb Free Space | 70,74% Space Free | Partition Type: NTFS Drive D: | 7,91 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1020,00 Mb Total Space | 1011,29 Mb Free Space | 99,15% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-*** Current User Name: Anna Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Anna\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.) PRC - C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\CNAB8SWK.EXE (CANON INC.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE (CANON INC.) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.) PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\Anna\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (myAgtSvc) -- File not found SRV - (EngineServer) -- File not found SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.) SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.) 
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.) SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\windows\System32\DRIVERS\ipinip.sys File not found DRV - (AvgTdiX) -- C:\windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.) DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International) DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International) DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys () DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) 
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.) 
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex) DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.) 
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ??????, ???? ? ??????????? IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ????????? IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = QIP: ????? ? ????????? 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ????????? IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Programme\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Playdom Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.myvideo.de/watch/7571052/Folge_13_Jorge_flippt_aus_Germanys_next_Topmodel_GNTM_GNT" FF - prefs.js..network.proxy.backup.ftp: 
"192.109.135.142" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "192.109.135.142" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "192.109.135.142" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "192.109.135.142" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "89.248.172.146" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "89.248.172.146" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "89.248.172.146" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "89.248.172.146" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "89.248.172.146" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.07.21 08:39:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.05.25 13:18:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 23:45:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.24 23:45:21 | 000,000,000 | ---D | M] [2009.05.21 08:09:38 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions [2010.07.25 11:24:28 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions [2010.04.27 19:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.27 19:40:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.04.02 14:58:32 | 000,000,000 | ---D | M] (Playdom Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8} [2010.04.05 11:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\2vwcq99q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.24 16:12:16 | 000,000,917 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\conduit.xml [2010.07.20 08:59:24 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin-1.xml [2010.07.22 08:55:55 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin-2.xml [2010.07.24 23:46:15 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin-3.xml [2010.04.05 11:39:30 | 000,000,168 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin.gif [2010.04.05 11:39:30 | 000,000,618 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin.src [2010.06.26 17:38:36 | 000,000,947 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\icqplugin.xml [2009.07.27 20:43:45 | 000,002,061 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\2vwcq99q.default\searchplugins\qipsearch.xml [2010.07.10 08:58:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla 
Firefox\extensions [2010.05.16 13:26:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.04.14 10:23:50 | 000,300,408 | ---- | M] (Musicnotes, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npmusicn.dll [2010.03.14 13:05:02 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 13:05:02 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.14 13:05:02 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 13:05:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 13:05:03 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - Reg Error: Value error. File not found O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Programme\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.) O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.) 
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - Reg Error: Value error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.25 09:08:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2010.07.24 11:39:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes [2010.07.24 11:38:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2010.07.24 11:38:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2010.07.24 11:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.24 11:38:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.21 11:03:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\Desktop\Anmeldung ICC [2010.07.16 21:09:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll [2010.07.15 18:22:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.07.15 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\HpUpdate [2010.07.14 18:17:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.07.13 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\dvdcss [2010.07.08 10:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon [2010.07.08 10:57:06 | 000,217,088 | ---- | C] (CANON INC.) -- C:\windows\System32\CNAP2LMK.DLL [2010.07.08 10:57:03 | 000,385,024 | ---- | C] (CANON INC.) 
-- C:\windows\System32\CNAB8EMK.DLL [2010.07.08 10:56:49 | 000,000,000 | ---D | C] -- C:\Programme\Canon [2010.06.28 15:02:58 | 000,000,000 | ---D | C] -- C:\Programme\Eusing Free Registry Cleaner [2009.01.16 19:37:36 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll [2009.01.16 19:37:35 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.25 12:23:38 | 002,359,296 | -HS- | M] () -- C:\Users\Anna\ntuser.dat [2010.07.25 12:20:19 | 000,000,416 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{4DCD1850-20F2-4073-9DE7-718395FF870A}.job [2010.07.25 12:16:33 | 000,000,000 | ---- | M] () -- C:\Users\Anna\AppData\Local\prvlcl.dat [2010.07.25 10:51:29 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.25 10:51:29 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.25 09:08:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2010.07.25 08:51:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010.07.25 00:28:30 | 002,460,521 | -H-- | M] () -- C:\Users\Anna\AppData\Local\IconCache.db [2010.07.24 23:50:51 | 062,455,073 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm [2010.07.24 23:41:56 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010.07.24 23:41:20 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys [2010.07.24 20:48:05 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TMContainer00000000000000000001.regtrans-ms [2010.07.24 20:48:05 | 000,065,536 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TM.blf [2010.07.24 11:39:05 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk 
[2010.07.24 11:18:13 | 000,132,597 | ---- | M] () -- C:\Users\Anna\Desktop\Flash_Disinfector.exe [2010.07.23 21:19:18 | 001,488,384 | ---- | M] () -- C:\Users\Anna\Desktop\Oriantation_Sprachtest_englisch.ppt [2010.07.23 13:19:48 | 001,672,942 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2010.07.23 13:19:48 | 000,718,042 | ---- | M] () -- C:\windows\System32\perfh007.dat [2010.07.23 13:19:48 | 000,658,164 | ---- | M] () -- C:\windows\System32\perfh009.dat [2010.07.23 13:19:48 | 000,167,308 | ---- | M] () -- C:\windows\System32\perfc007.dat [2010.07.23 13:19:48 | 000,133,620 | ---- | M] () -- C:\windows\System32\perfc009.dat [2010.07.21 10:48:23 | 000,098,816 | ---- | M] () -- C:\Users\Anna\Desktop\OM-Mne Finances 10.xls [2010.07.18 14:40:28 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.07.16 21:09:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys [2010.07.16 21:09:09 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll [2010.07.16 21:07:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\windows\System32\drivers\avgldx86.sys [2010.07.15 22:59:55 | 000,008,690 | ---- | M] () -- C:\Users\Anna\Desktop\fehler.odt [2010.07.14 18:17:59 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.07.14 16:22:39 | 000,279,251 | R--- | M] () -- C:\Users\Anna\Desktop\ielts_application_form.pdf [2010.07.04 18:03:44 | 000,010,292 | ---- | M] () -- C:\Users\Anna\.recently-used.xbel [2010.06.28 16:25:00 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TMContainer00000000000000000002.regtrans-ms [2010.06.28 14:25:16 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{11adf871-16e1-11de-88dc-002186d89243}.TMContainer00000000000000000001.regtrans-ms [2010.06.28 14:25:16 | 000,065,536 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{11adf871-16e1-11de-88dc-002186d89243}.TM.blf [2010.06.28 12:32:35 | 000,008,131 | ---- | M] () -- C:\Users\Anna\as.reg [2010.06.27 19:36:06 | 000,013,442 | ---- | M] () -- C:\Users\Anna\Desktop\Lieder.odt [2010.06.27 18:18:16 | 001,212,454 | ---- | M] () -- C:\Users\Anna\Desktop\Rundbrief september10.odt [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.24 11:39:05 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.24 11:13:08 | 000,132,597 | ---- | C] () -- C:\Users\Anna\Desktop\Flash_Disinfector.exe [2010.07.23 21:19:17 | 001,488,384 | ---- | C] () -- C:\Users\Anna\Desktop\Oriantation_Sprachtest_englisch.ppt [2010.07.15 22:59:51 | 000,008,690 | ---- | C] () -- C:\Users\Anna\Desktop\fehler.odt [2010.07.14 18:17:59 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.07.14 16:22:42 | 000,279,251 | R--- | C] () -- C:\Users\Anna\Desktop\ielts_application_form.pdf [2010.07.04 18:03:44 | 000,010,292 | ---- | C] () -- C:\Users\Anna\.recently-used.xbel [2010.07.02 21:06:04 | 000,098,816 | ---- | C] () -- 
C:\Users\Anna\Desktop\OM-Mne Finances 10.xls [2010.06.28 22:01:59 | 1875,763,200 | -HS- | C] () -- C:\hiberfil.sys [2010.06.28 14:29:19 | 000,524,288 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TMContainer00000000000000000002.regtrans-ms [2010.06.28 14:29:19 | 000,524,288 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TMContainer00000000000000000001.regtrans-ms [2010.06.28 14:29:19 | 000,065,536 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{a6c20341-82a4-11df-87c1-002186d89243}.TM.blf [2010.06.28 12:32:35 | 000,008,131 | ---- | C] () -- C:\Users\Anna\as.reg [2009.09.12 03:47:23 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll [2009.05.21 12:20:30 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll [2009.04.09 23:01:00 | 000,000,041 | ---- | C] () -- C:\windows\SIERRA.INI [2009.03.01 10:22:06 | 000,000,103 | ---- | C] () -- C:\windows\System32\hptrace.ini [2009.03.01 10:21:26 | 000,014,683 | ---- | C] () -- C:\windows\hplj1010.ini [2009.01.16 19:37:35 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys [2009.01.16 19:37:35 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys [2009.01.16 19:37:35 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2008.07.23 15:38:17 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll [2008.07.23 15:38:17 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll [2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll [2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll [2008.07.23 15:38:17 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll [2008.07.23 15:38:17 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll [2008.07.23 15:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2008.05.30 18:36:58 | 000,108,752 | ---- | C] () -- 
C:\windows\System32\drivers\SafeBoot.sys [2008.05.21 11:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll [2007.11.15 03:24:14 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll [2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll [2003.07.14 17:10:57 | 000,094,274 | ---- | C] () -- C:\windows\System32\HPBHEALR.DLL [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll [1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll < End of report > .daguru |
25.07.2010, 17:09 | #7 |
| Remove Autorun.inf Sorry that I posted the same thing twice; here is the 2nd OTL report: OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 25.07.2010 12:21:01 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 139,05 Gb Total Space | 98,36 Gb Free Space | 70,74% Space Free | Partition Type: NTFS Drive D: | 7,91 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1020,00 Mb Total Space | 1011,29 Mb Free Space | 99,15% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-*** Current User Name: Anna Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01EB0AA5-1087-4F71-9224-361553E76752}" = 
rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{070690FC-7696-4F55-9664-95B830F7CE19}" = lport=445 | protocol=6 | dir=in | app=system | "{0D96BBBA-D81B-41E4-8803-2AAC412F630B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0F0DC0A4-B718-4A70-AB1D-E30DBCEADFFA}" = lport=139 | protocol=6 | dir=in | app=system | "{191901B0-E995-4DF6-B616-30F5EE290F9A}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{19E5E98A-2798-4756-A9E2-FCB39F405524}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1E84BF5E-C6C0-4523-A764-065373C0AB5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1FE970F2-3620-453D-AFFE-928790CEA15C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2DA0A080-B4EC-4F04-A571-95A5E3B3BF47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3144D428-C9F8-46CE-A3E7-E10793A13975}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{37D00287-8AB3-4E6B-A7DC-F67642B5FB1E}" = lport=137 | protocol=17 | dir=in | app=system | "{44511208-0329-4EC5-B367-5574C3138068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{4A693962-415F-4273-B27B-1F8516126FEB}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{59EAA3A5-2331-42A8-A4B6-2BB37E8AFD6E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{6D1F786B-BF04-4B37-84A8-6A7D424B3A1D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{7CA9E6A9-2D24-4120-A833-0B0655A33470}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{81AF5B28-3A39-4ACC-9566-A7BA4BD5F554}" = rport=445 | protocol=6 | dir=out | 
app=system | "{82DE584D-D5AF-4456-9572-5EBE4675E393}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{8745D8A1-CE48-42B5-B6D6-3B3B63A2ABE2}" = lport=138 | protocol=17 | dir=in | app=system | "{9C50733E-EFEA-40CA-AD7D-143F03740ACA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AA435949-80D5-4762-B0B4-23439A17DA8F}" = rport=137 | protocol=17 | dir=out | app=system | "{AF497C31-FD3D-42A3-9A6C-7C53835517BD}" = rport=138 | protocol=17 | dir=out | app=system | "{B4860BD9-2144-4F05-AB62-2262EEBE359B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BDD87336-D9F2-4D00-91CA-AD6D1577BF34}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CB1BD86B-10F0-463E-92DD-7DB87D152D4E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{CC9F27D7-E6B6-47FF-A69A-6D0E3D1E099E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CF83BC75-1358-42A5-95A9-F4CAB2906DEF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DA7764A3-844A-47E9-BEBC-7ECB11DF3B56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC6EFFB7-F954-466A-8637-100C800738EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ECF6075D-7D1E-4708-A372-674C287B2520}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{EECAC15B-7FE9-4963-AC19-82E639250855}" = rport=139 | protocol=6 | dir=out | app=system | "{F690926C-D506-42E2-B091-99A99C858857}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{FD0A31E4-D31E-41D3-A80C-55CCF55ACE56}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C3E52A-A168-4E8F-AF24-6E8442C6D5A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{08865EF1-C397-4262-90D7-6D443FE3FD66}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{15E990F8-5C74-4DC5-A419-BE90977E768F}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{1F62518C-2B33-4468-A730-66E32C38F928}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{24BAEA9B-AD2B-40C9-BC91-D22CF88468AE}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{24EF014B-2C64-4494-9850-46CA64F99C80}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{26821823-D706-4B19-868A-27A6059AC89B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{2B6A6195-1C10-488D-A81E-8D76002DBD62}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{32CBE512-1358-4D54-B0C2-650DDD4EF849}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{35C490F7-8C05-4FEA-BF77-7F58CB763E33}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3CE19E13-45E1-4E99-9DEC-F35173F6C03F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F789C86-0FE3-42CE-A802-6FA96487C274}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C990088-2064-4A9C-9C6A-3C92C5C8049E}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{5052F62F-938E-409A-AC73-712485457A9D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{505F4F24-16AE-480C-8589-846BEA26E144}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{546308D4-D81D-4518-B5E4-7729B10F3BD7}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{5C59DDAA-0344-4CCA-97A7-1A5BB8AD29EF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{609EAB66-DD10-46F8-B628-0FB0C277CF2A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64FB7F9F-0C21-486E-9824-18FFA33C9776}" = 
protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{758713C4-92CE-401C-A4D8-03DE1BEFA236}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9095CC06-EE9C-4934-87DD-23DF3FEF806D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9105DEEB-B8EF-4BD4-92E3-310B4575B75D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{9314F103-13F3-44E4-B3C2-29589C992D20}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F6D2C6A-34CB-4AAF-B784-9E456C3E98EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A0B40569-2E4F-4CA9-9A9D-5DF9CE83C0AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9F4182F-B422-4ADD-8F2A-908394C31A46}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AAE0D6AA-69A4-42B9-BF82-58185E1DF24E}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | "{AEA34A22-E2E8-48DB-BD9F-8D427610659B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B14389FA-F417-44A2-8A07-A46DB0C75102}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B26083DB-71CD-456A-AFD5-7EC719B3F5CB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{B45E0FCF-5CE0-4474-8CBE-933CF8D0446E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4B476CA-2FEE-4B2F-9D38-ADA98C331807}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B5FC8974-E5EE-4483-BB3D-972DA0826C2E}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | "{BAD59A36-61A8-47F1-BF29-EC6B6D948951}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{BB17B6E2-EE79-48EB-BD16-CA62E384664F}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | "{BFC1085C-F98C-45FC-8E6D-B9FF400BBC98}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{C9B839E8-ED9E-4F91-ABE0-658DCD0FC4F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CCDB1448-0C03-4E2E-8C11-9F5DF48A9BE6}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{CD215E8A-08FB-4C6C-86B4-5932140E3446}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{CF3C19D2-B49C-4AC6-9AE7-EA3431990A7E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{D500F3BE-551E-4627-AD06-BD4D025F7755}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D6C45989-EFF9-4FAF-99CD-9AEAE0F158C8}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | "{E1F2AD34-286E-4124-85E1-05ECDD65BC25}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EE073A06-3DE5-40CC-AD87-04C96C485831}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{F1B8ECA6-DB38-423D-BD12-3D471E16FC0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F73349C2-B0D6-4773-BCB9-3354CE63C277}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F820F7D6-567F-4777-9F19-2BC7EBAF75FF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{F9E3400A-E1B7-400C-8B64-E5292506544E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{1305229E-714C-4D5F-8612-DB74AF4529A6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{B947EE42-CD55-4402-8F50-257BB6502105}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A61EEB63-BCA0-45E4-BE83-3E6D82652846}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{ACB6050D-4C0A-4E97-BA89-96458172BD2D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1 
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E485D10-139A-21B6-471C-7856AF893F42}" = Catalyst Control Center Localization Spanish "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools "{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application "{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese "{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch "{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard "{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai "{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish "{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian "{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager 
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1 "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese "{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian "{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech "{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation "{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish "{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional "{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard "{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7 "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools "{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center Localization Russian 
< End of report > |
26.07.2010, 15:29 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Autorun.inf
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
SRV - (myAgtSvc) -- File not found
SRV - (EngineServer) -- File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Playdom Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.myvideo.de/watch/7571052/Folge_13_Jorge_flippt_aus_Germanys_next_Topmodel_GNTM_GNT"
FF - prefs.js..network.proxy.backup.ftp: "192.109.135.142"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "192.109.135.142"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "192.109.135.142"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "192.109.135.142"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "89.248.172.146"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "89.248.172.146"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "89.248.172.146"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "89.248.172.146"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "89.248.172.146"
FF - prefs.js..network.proxy.ssl_port: 3128
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
26.07.2010, 16:38 | #9 |
| Removing Autorun.inf
Thank you very much so far, here is the log file:
All processes killed
========== OTL ==========
Service myAgtSvc stopped successfully!
Service myAgtSvc deleted successfully!
File File not found not found.
Service EngineServer stopped successfully!
Service EngineServer deleted successfully!
File File not found not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Playdom Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" removed from keyword.URL
Prefs.js: "hxxp://www.myvideo.de/watch/7571052/Folge_13_Jorge_flippt_aus_Germanys_next_Topmodel_GNTM_GNT" removed from network.proxy.autoconfig_url
Prefs.js: "192.109.135.142" removed from network.proxy.backup.ftp
Prefs.js: 80 removed from network.proxy.backup.ftp_port
Prefs.js: "192.109.135.142" removed from network.proxy.backup.gopher
Prefs.js: 80 removed from network.proxy.backup.gopher_port
Prefs.js: "192.109.135.142" removed from network.proxy.backup.socks
Prefs.js: 80 removed from network.proxy.backup.socks_port
Prefs.js: "192.109.135.142" removed from network.proxy.backup.ssl
Prefs.js: 80 removed from network.proxy.backup.ssl_port
Prefs.js: "89.248.172.146" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "89.248.172.146" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "89.248.172.146" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "89.248.172.146" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "89.248.172.146" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Anna
->Temp folder emptied: 50714385 bytes
->Temporary Internet Files folder emptied: 180720046 bytes
->Java cache emptied: 43176964 bytes
->FireFox cache emptied: 89638328 bytes
->Flash cache emptied: 40953 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115708563 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 458,00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 07262010_171850
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
26.07.2010, 17:12 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Autorun.inf
Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
Combofix may only be run when an expert helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
26.07.2010, 19:12 | #11 |
| Removing Autorun.inf
Combofix log file: Code:
pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-07-26 19:54 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(216) c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\WLANExt.exe c:\windows\system32\AEADISRV.EXE c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\conime.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Windows Media Player\wmpnscfg.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-07-26 20:03:07 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-07-26 18:03 Vor Suchlauf: 8 Verzeichnis(se), 105.978.855.424 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 105.729.646.592 Bytes frei - - End Of File - - DAE554523C1C30D2E289C45B17495FB8 |
26.07.2010, 22:39 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Autorun.inf
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Registry::
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

Driver::
SafeBoot
SbAlg
SbFsLock
RsvLock
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
27.07.2010, 15:25 | #13 |
| Remove Autorun.inf The computer could not restart properly, and after the restart I was not asked anything either. What did I do wrong? |
27.07.2010, 15:35 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Autorun.inf Please phrase it so that I don't have to guess what you mean.
__________________ Please always post log files in CODE tags |
27.07.2010, 15:53 | #15 |
| Remove Autorun.inf Sorry. So I opened Notepad, pasted the text, saved it on the desktop and dragged it onto the OTL icon. Then an OTL scan started and the computer was restarted, but while it was booting a message appeared saying that the computer had problems starting and asking whether I wanted to start the computer in normal mode or in safe mode (I'm not sure whether it was "safe" or a different word). I could not start the computer in normal mode, only in the other one, whose name I can no longer remember. So I also have no file and no result from the OTL scan that I could post here. Does that make more sense now? |