Log analysis and evaluation: Artemis Trojan removal

Windows 7. If you have picked up a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Artemis Trojan removal

Hello, I am trying to stick to the checklist so as not to strain your patience unnecessarily. But I have no idea about Trojans & co. and therefore need help.

I have Avira Free Antivirus installed as my antivirus program, and I had McAfee (it was preinstalled on the PC, free of charge, and the hard disk was scanned automatically at regular intervals). The latter gave me a warning during a scan that I had a Trojan: Artemis and some sequence of digits. And if I remember correctly, the following link was given: C:\Users\Jessica\AppData\Local\Temp\1352388.dll

Unfortunately I did not save the warning message, and I uninstalled McAfee because I read that two programs can interfere with each other. So I updated Avira and ran a scan, which gave me 28 warnings about password-protected files (which I did not protect myself, as far as I can see) but did not show a Trojan. So now I am dutifully following your checklist and your advice...

OTL.txt (OTL logfile):
ATTFilter OTL logfile created on: 11.06.2012 14:07:56 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Jessica\Desktop Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,56 Mb Total Physical Memory | 267,91 Mb Available Physical Memory | 29,95% Memory free 2,00 Gb Paging File | 0,90 Gb Available in Paging File | 45,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 227,59 Gb Total Space | 106,15 Gb Free Space | 46,64% Space Free | Partition Type: NTFS Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jessica\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
PRC - C:\Programme\MobMapUpdater\MobMapUpdater.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Programme\Common Files\Lenovo\Logger\logmon.exe () PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.) PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Windows\System32\PELMICED.EXE (Primax Electronics Ltd.) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Jessica\AppData\Local\Temp\1352388.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxslt.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\ICQ7.2\MDb.dll () MOD - C:\Users\Jessica\AppData\Local\Temp\CmdLineExt03.dll () MOD - C:\Programme\MobMapUpdater\MobMapUpdater.exe () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\PSPad editor\PSPadShell.dll () MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll () MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - 
C:\Windows\System32\DLAAPI_W.DLL () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe 
(Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ldiskl) -- C:\Users\Jessica\AppData\Local\Temp\ldiskl.sys () DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio) DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.) DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.) DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {D8994606-7F13-4A62-90A6-AD34D52079DB} IE - HKLM\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kaninchenschutzforum.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.06 17:44:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 16:02:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.18 09:21:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.22 21:30:35 | 000,000,000 | ---D | M] [2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions [2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.02 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions [2010.09.18 18:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.24 00:17:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\2020Player_IKEA@2020Technologies.com [2012.06.08 21:52:18 | 000,000,944 | ---- | M] () -- 
C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\cct9xnkl.default\searchplugins\icqplugin.xml [2012.06.06 17:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.06 17:44:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.06.24 09:57:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.24 09:57:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.06.24 09:57:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.24 09:57:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.24 09:57:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.24 09:57:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [MobMapUpdater] C:\Program Files\MobMapUpdater\MobMapUpdater.exe () O4 - HKCU..\Run: [office] C:\Users\Jessica\AppData\Local\Temp\1352388.dll () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57830F4C-ABCE-4441-8D3A-66A271F11368}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{874A84A7-FB13-4667-8D00-383368682399}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3ED041C-EEB7-4C10-8D21-76E3E83BF2F9}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - 
(explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.11 13:46:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe [2012.06.09 23:17:23 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\Macromedia [2012.06.05 16:02:04 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.05 16:02:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.06.05 16:02:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.06.05 16:02:02 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2010.12.19 10:31:25 | 001,159,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\ur.dll ========== Files - Modified Within 30 Days ========== [2012.06.11 14:05:01 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.06.11 13:59:09 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.11 13:59:09 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.11 13:51:16 | 000,302,592 | ---- | M] () -- C:\Users\Jessica\Desktop\891g4vti.exe [2012.06.11 13:46:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe [2012.06.11 13:45:01 | 000,000,000 | ---- | M] () -- C:\Users\Jessica\defogger_reenable [2012.06.11 13:42:50 | 000,050,477 | ---- | M] () -- C:\Users\Jessica\Desktop\Defogger.exe [2012.06.11 13:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.11 09:01:38 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI [2012.06.11 08:59:21 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.06.11 08:59:15 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI [2012.06.11 08:59:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.11 08:58:52 | 938,663,936 | -HS- | M] () -- C:\hiberfil.sys [2012.06.09 22:09:41 | 000,708,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.09 22:09:41 | 000,664,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.09 22:09:41 | 000,144,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.09 22:09:41 | 000,124,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.09 21:54:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.06.09 21:54:41 | 000,070,344 | ---- | M] 
(Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.06.05 16:01:42 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.05 16:01:42 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.06.05 16:01:42 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.06.05 16:01:42 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.06.05 16:01:42 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.05.28 10:17:16 | 000,001,356 | ---- | M] () -- C:\Users\Jessica\AppData\Local\d3d9caps.dat [2012.05.24 15:18:53 | 000,025,715 | ---- | M] () -- C:\Users\Jessica\***.elfo ========== Files Created - No Company Name ========== [2012.06.11 13:51:12 | 000,302,592 | ---- | C] () -- C:\Users\Jessica\Desktop\891g4vti.exe [2012.06.11 13:45:01 | 000,000,000 | ---- | C] () -- C:\Users\Jessica\defogger_reenable [2012.06.11 13:42:12 | 000,050,477 | ---- | C] () -- C:\Users\Jessica\Desktop\Defogger.exe [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.11.13 15:19:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.17 23:05:52 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.12.19 10:31:27 | 000,000,160 | ---- | C] () -- C:\Program Files\Common Files\c.reg [2010.09.06 15:11:34 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.09.06 15:11:28 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys ========== LOP Check ========== [2010.02.17 18:12:41 | 000,000,000 | ---D | M] -- 
C:\Users\Jessica\AppData\Roaming\Buhl Data Service [2012.05.06 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\elsterformular [2012.02.23 23:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\FileZilla [2012.06.11 09:02:21 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ICQ [2010.08.22 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterTrust [2009.08.22 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterVideo [2008.07.14 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Lenovo [2009.05.03 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\MobMapUpdater [2009.03.25 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Nvu [2011.12.07 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\OpenOffice.org [2010.04.30 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ScummVM [2010.07.03 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\T-Online [2010.08.27 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Thunderbird [2012.06.11 14:05:01 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.06.10 23:00:57 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.06.2012 14:07:56 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Jessica\Desktop Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,56 Mb Total Physical Memory | 267,91 Mb Available Physical Memory | 29,95% Memory free 2,00 Gb Paging File | 0,90 Gb Available in Paging File | 45,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 227,59 Gb Total Space | 106,15 Gb Free Space | 46,64% Space Free | Partition Type: NTFS Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AAFB2F5-D408-434C-83D5-E2A6C9206AEF}" = lport=6897 | protocol=6 | dir=in | name=warcraft | "{10FA7BB8-4C69-43C5-AA68-5F890A65F0C7}" = lport=137 | protocol=17 | dir=in | app=system | "{15C811C1-A9AD-492A-8BEF-863C43AFE70E}" = lport=6892 | protocol=6 | dir=in | name=warcraft | "{22762B39-1792-4341-9CF8-4DC1E141D5D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{246642D0-4D51-4AC1-AB57-55496A2838E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{27282EAB-4EA8-4A21-BF52-0F6DF67BA6E2}" = lport=6888 | protocol=6 | dir=in | name=warcraft | "{2C228E56-96DC-4FBA-9A8C-15BE2AE60D7E}" = lport=6894 | protocol=6 | dir=in | name=warcraft | "{3E4A2641-1175-47C6-9E16-832F3C5FEDE7}" = lport=6893 | protocol=6 | dir=in | name=warcraft | "{437863D8-6B00-4923-A83A-4DC583987F79}" = lport=6886 | protocol=6 | dir=in | name=warcraft | "{49356645-1649-4D03-ADDB-8CAE64F1F913}" = lport=6883 | protocol=6 | dir=in | name=warcraft | "{4A496971-899A-44A2-B58E-BA55ACE467FA}" = lport=6884 | protocol=6 | dir=in | name=warcraft | "{5E17228D-7E86-4797-A73F-AEC8C5545C83}" = lport=6899 | protocol=6 | dir=in | name=warcraft | "{660F5554-49FA-4619-BC07-F63F0FAD33CF}" = lport=6881 | protocol=6 | dir=in | name=warcraft | "{6D334C3B-0D71-4A5F-BCF1-117E3A717272}" = rport=445 | protocol=6 | dir=out | app=system | "{8AFBCBF2-BD62-4F57-9075-AF492954643B}" = lport=138 | protocol=17 | dir=in | app=system | "{92D753DF-977E-4378-8687-6AC3BCADDCD6}" = lport=445 | protocol=6 | dir=in | app=system | "{94B031A5-EA29-4247-B433-4555C157DD39}" = lport=6890 | protocol=6 | dir=in | name=warcraft | "{9932D11E-662F-4A4A-8A77-F7FBB5BF59A1}" = lport=6004 | protocol=17 | dir=in | app=c:\program 
files\microsoft office\office12\outlook.exe | "{A33C714E-AD18-4E85-9981-A1CAF35C4519}" = rport=137 | protocol=17 | dir=out | app=system | "{AB842988-FF42-4F00-9218-16BA0EEA62E4}" = lport=6112 | protocol=6 | dir=in | name=warcraft | "{AE32C075-DA3E-4F2E-94D5-A1240D4A3AC8}" = lport=6882 | protocol=6 | dir=in | name=warcraft | "{AF7933E8-D474-446C-982B-388A5C8B130C}" = lport=139 | protocol=6 | dir=in | app=system | "{B1C5C629-2347-452E-BD8C-781E56391C1D}" = lport=6891 | protocol=6 | dir=in | name=warcraft | "{BA01FEBC-CD6B-49A4-B831-A2A99CD3791D}" = rport=138 | protocol=17 | dir=out | app=system | "{BB22EEB1-C811-4E9B-946C-E0E53A0790C2}" = lport=6885 | protocol=6 | dir=in | name=warcraft | "{BD84D130-1116-4D2F-9F1F-01A92710EC2B}" = lport=6889 | protocol=6 | dir=in | name=warcraft | "{D2C70930-1E2C-4F77-ADA2-5A39802276A8}" = lport=6895 | protocol=6 | dir=in | name=warcraft | "{EEA0F502-B91E-42CC-90B9-CCD4B746A543}" = rport=139 | protocol=6 | dir=out | app=system | "{F1423DA7-062A-4290-9A5C-4CAAD49C29B0}" = lport=6887 | protocol=6 | dir=in | name=warcraft | "{F59A84AB-24EB-4518-AC10-D7A144A70F4F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05C6D7A6-0F1F-49E2-93E8-57F54E50E319}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{075CF213-6C01-42B7-A1B0-225FEEDE7D88}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{0EE319CD-0A1E-4F8E-A3F8-BBCC3D46EBF3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{13138912-F394-4822-9F2F-A1E75D5E78D5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{198469BF-6B0C-4BD2-ABF3-0C970598A13E}" = protocol=17 | dir=in | 
app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{204F7AED-0ACE-401E-BCCA-D38A1373B054}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe | "{295A28D6-DF41-49C6-B5D3-0EA703C06487}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{2B6948DD-549B-4D4A-9E51-B66B8A09B1B8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{3D5A5FF0-6C6E-4454-A2A9-F1DD94ACD500}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{3E629453-8473-4D33-9D75-93534B4F586C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{44172A52-621A-4978-9F73-5D578F279267}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{49564934-380A-4A94-9604-AE6970A0886A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5875837D-A59C-41E6-9439-14728629BA75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{703848E8-905E-4D3E-84C3-FDF8D273E120}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "{729DDD11-15C2-4FDF-B603-93EED0BA58E4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{854FFD66-C394-4DFF-AD3F-23C74D7CBFBF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{8857D513-2047-478F-9273-BD2CE08F912F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "{8D294E9E-5B34-4DE7-B417-BEBF27EED3B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9178168A-A80F-46B9-AA6E-1B9E5F5FC843}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{9FFF7299-6617-4CF8-8DD6-4111B9D533B6}" = 
protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A378D293-46EC-46C2-ADE0-D3D33977B8AE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{A61D0354-9328-4E41-A5FC-E8CE835BAD1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B6C38F84-7D66-4C54-B252-A820369C95C3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe | "{C0E2CB13-A0B4-498A-AD8F-C43E1767902E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{C2DD66A3-9721-4F4E-828D-27C8DACB50A9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{C3BD7305-BF33-4EA7-8B95-559645C60D46}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CC0DF373-D7F3-494A-BF98-F219885EA173}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{CE330FD6-F45E-4D35-AAF3-8D135C3428DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CF708E4B-D9B1-481C-A55C-8BC4CD0D3850}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D3CA65A2-AC64-4923-8CC7-D4478A2F64CD}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{D7E9BE23-C362-45F6-960D-150493F19322}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | "{DC29BEF7-4AF6-4D8B-AD12-3CCADCA2E343}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | "{DC743195-E2C4-49DC-B60A-F05B3310CFA0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{DF89C6CB-37D2-49DA-8EE0-7AB15C3D1860}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{EB411E9D-AE42-4373-A40F-43FC4A0DAB43}" = 
protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{0B34EFED-4B03-40D8-A8B9-20FD3E07C830}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{220D1776-6D98-4EB0-9B0E-2E5DE7170312}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{2DD5C03D-C785-4B59-96DE-BEFC45D07CC8}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{4160B1CA-7358-415C-AF3C-AC95114CC81D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{456A1574-6DB4-4EBA-84E9-C76E97236599}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{4AEC7DAD-DBD2-405A-99BD-2C032CE965A0}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe | "TCP Query User{638F524B-1DF0-4891-AF45-4BBAA93EE7D9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{643F4490-9C67-4400-A193-E4386E3525DE}C:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe" = protocol=6 | dir=in | app=c:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe | "TCP Query User{98D15096-E473-4482-A186-A929D4AE0102}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{D2FB90AD-4B1D-4B87-9A31-C8E569070EFB}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | "UDP Query User{13D85FE1-A0EB-4504-A8F9-F17649BFB8CD}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe | 
"UDP Query User{2ECD4D4D-FD31-454B-9B50-0716CF65D4BA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{310BAF31-4AC4-4EB6-84BC-93127E8A047A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{82E6B1C7-3B31-4226-9B50-2CB9CAC49BBE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{D1BE3847-3BE6-41F4-A06D-70FB3807F8A1}C:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe" = protocol=17 | dir=in | app=c:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe | "UDP Query User{DD60E07A-7DDD-46EC-B28F-0AEDAC87583F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{E23F7932-99F2-414B-9799-34CF0BDF125C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{F131CD71-0BF1-4E4F-B2C7-D6B1893328DD}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{F95FFA84-DD72-4974-A38B-A6AE2D394A2D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{FFCF7A4F-AFC0-47E5-ABC7-5ED17237EBC9}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06973580-503D-B2F8-B932-C6FFF6DE7615}" = CCC Help Chinese Traditional 
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0ADB6A81-F35D-4040-36CE-C50206F09737}" = CCC Help Japanese "{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar "{1438FB49-8B53-D209-2B32-B0F33DA65336}" = Catalyst Control Center Localization Thai "{18B9E358-08D9-0955-2FF3-EA15FF11DF02}" = Catalyst Control Center Localization Italian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{27A7337A-765F-AA01-7115-06C3023E88E1}" = CCC Help Czech "{2A73DA05-35C1-AA35-07D5-36C077D3183F}" = Catalyst Control Center Core Implementation "{2AFE1AE5-1828-E0AE-B067-6B71620AF388}" = Catalyst Control Center Localization German "{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc "{3184A571-E021-817E-378D-9EC6EE412E09}" = Catalyst Control Center Graphics Light "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{36249169-E3FC-6737-9FA7-9BA520BE0DB2}" = CCC Help French "{37652D83-7BDC-4735-8954-3FE0C2F2AD18}" = ccc-Branding "{40BCF117-291F-BA1E-FC3E-C5C80F061641}" = CCC Help Hungarian "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4654A4C6-B8C4-CC1C-91C3-2D938EFD12E8}" = Catalyst Control Center Localization Polish "{46A62B59-10D1-46B9-C32A-D5CA90899A8B}" = Catalyst Control Center Graphics Full Existing "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{47229A8F-CB6D-E104-412D-206B0D68E02A}" = Catalyst Control Center Localization Turkish 
"{476796E1-CD51-1300-F212-15B10724A91F}" = CCC Help Russian "{48B0DEBB-4A67-0523-0DBB-E82D88FA333D}" = Catalyst Control Center Localization Spanish "{49850071-F9BA-1736-29B8-3B663CE7738C}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BAB05AF-F263-D3FC-217B-33B0F1B9D118}" = Catalyst Control Center Localization Hungarian "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 "{4CFA2AC8-FE0B-C8F8-4C3C-73EC24CD52C8}" = CCC Help German "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{51242B4E-E559-29D1-F01C-FAD101303CD3}" = CCC Help Italian "{53A363EF-AC2C-ED65-7011-8F21641E5FAB}" = Catalyst Control Center Localization Portuguese "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{56AA716F-007D-66D2-EC91-9A4C48947E00}" = CCC Help Swedish "{577E5938-7280-43C8-6585-CCE7CC0B286C}" = Catalyst Control Center Localization Norwegian "{5967C9BB-1F4D-AAD2-2EDB-93B57376ECD5}" = Catalyst Control Center Localization Danish "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{689C7F35-3627-E074-E17B-A03DC82DF234}" = Catalyst Control Center Localization Japanese "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6BA6EB17-ABA5-32E6-FD02-618F39E07347}" = Catalyst Control Center Localization Czech "{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{747B2C81-B13B-F720-9DDC-C31BF1D492DF}" = Catalyst Control Center Localization Korean "{76A0AADC-437C-10ED-7210-9B9FC38EACE6}" = CCC Help Korean "{76AB986D-421F-B618-F738-028626176904}" = CCC Help Danish "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home "{7B462657-E26A-BB05-1064-A3A94D84583D}" = CCC Help Polish "{7C032D1E-DD75-6856-2F78-1FF1FE3712DB}" = CCC Help Norwegian 
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery "{818EA00F-8D02-671E-FE70-C2377EE4F24C}" = Catalyst Control Center Localization Dutch "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{8FC6E83A-EE8C-88D6-7C7B-74E6BE7C8667}" = CCC Help Thai "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings "{949997C4-6532-8E7A-A1A0-AACBC665123E}" = Catalyst Control Center Localization French "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A6700AA-8775-4DAB-6284-771145BAA661}" = Catalyst Control Center Graphics Full New "{9AFF5F50-1936-8859-AF93-5F66F785EE63}" = CCC Help Dutch 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten "{A1A84D7F-3C2E-1255-2469-8175F972AB58}" = CCC Help Greek "{A682297F-4CA6-A1EE-D68B-06A3EB847255}" = ccc-core-static "{A6C2B54A-5D1C-45DE-0FD1-2C3A200163A4}" = CCC Help Turkish "{A88852F0-1790-1E1D-9164-95FFCF435E97}" = Catalyst Control Center Localization Chinese Traditional "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AE6D88D5-9064-84EA-C9DD-AC5927C44AA1}" = CCC Help Finnish "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B346EA79-BF20-5BE1-E599-45EEFB0CB3BD}" = Catalyst Control Center Localization Greek "{B460F0C7-98ED-9B55-6D24-E54E98A89A78}" = Skins "{B4B5E290-81EF-A724-E52C-DE05DC85B2E6}" = Catalyst Control Center Graphics Previews Vista "{B4BCBF59-3F39-1F6D-2ED2-72198CC7AC49}" = Catalyst Control Center Localization Russian "{B84B5373-AAC0-07AD-38A0-C44AAA4BD82F}" = CCC Help Spanish "{BF0B0BF5-366A-6B6E-5718-A98E2E845322}" = ccc-utility "{C0D49C3F-237B-94C7-EECD-10D22851C76E}" = CCC Help English "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C9521CC8-D7EC-145F-33B7-B27BFF631715}" = CCC Help Portuguese "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkCentre "{D7A2D358-B2BB-691E-EAD7-E95CDAE9842F}" = Catalyst Control Center Localization Swedish "{DB6B6CCF-D509-C223-D06E-1D2118ECD193}" = Catalyst Control Center Localization Finnish "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{E048D0DC-7419-7867-FCD2-CF176C73E629}" = Catalyst Control Center Localization Chinese Standard 
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant "5991C8EB35AA0A2B41B0060067BD0DA30E877FFF" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499) "89838CF0B3DF29FE9FFF8893ACB04964C75A6F1E" = Windows Driver Package - ATI Technogies Inc (pci) System (11/02/2006 1.00.0000.1) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ATI Uninstaller" = ATI Uninstaller "Avira AntiVir Desktop" = Avira Free Antivirus "AwayTask" = Maintenance Manager "Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007 "C16E2639B8851B54030DE09318A01581A8096E29" = Windows Driver Package - Marvell (yukonwlh) Net (09/18/2007 10.24.1.3) "D4B97D41574F60753BAE597542C02A55D48392C9" = Windows Driver Package - Realtek Semiconductor Corp. 
HD Audio Driver (10/22/2007 6.0.1.5499) "ElsterFormular 13.2.0.8623p" = ElsterFormular "FileZilla Client" = FileZilla Client 3.2.5 "HijackThis" = HijackThis 2.0.2 "Lenovo Registration" = Lenovo Registration "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MouseSuite98" = Mouse Suite "Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nvu_is1" = Nvu 1.0 "PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows "PROHYBRIDR" = 2007 Microsoft Office system "PSPad editor_is1" = PSPad editor "Windows Live Toolbar" = Windows Live Toolbar "World of Warcraft" = World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.05.2012 08:41:31 | Computer Name = Jessica-PC | Source = VSS | ID = 8194 Description = Error - 06.05.2012 08:46:48 | Computer Name = Jessica-PC | Source = VSS | ID = 8194 Description = Error - 06.05.2012 08:49:32 | Computer Name = Jessica-PC | Source = VSS | ID = 8194 Description = Error - 06.05.2012 08:51:19 | Computer Name = Jessica-PC | Source = VSS | ID = 8194 Description = Error - 06.05.2012 09:04:30 | Computer Name = Jessica-PC | Source = VSS | ID = 8194 Description = Error - 06.05.2012 09:10:05 | Computer Name = Jessica-PC | Source = VSS | ID = 8194 Description = Error - 06.05.2012 10:58:18 | Computer Name = Jessica-PC | Source = VSS | ID = 8194 Description = Error - 25.05.2012 14:57:34 | Computer Name = Jessica-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 12.0.0.4493 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 31c Anfangszeit: 01cd3aa7d6bc41c3 Zeitpunkt der Beendigung: 1716 Error - 07.06.2012 09:33:23 | Computer Name = Jessica-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung thunderbird.exe, Version 12.0.0.4501, Zeitstempel 0x4f9c5917, fehlerhaftes Modul dbghelp.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bcc9, Ausnahmecode 0xc0000005, Fehleroffset 0x6bcfb614, Prozess-ID 0x1250, Anwendungsstartzeit 01cd4481c05b6d5b. Error - 09.06.2012 18:23:59 | Computer Name = Jessica-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung firefox.exe, Version 13.0.0.4535, Zeitstempel 0x4fc8def7, fehlerhaftes Modul xul.dll, Version 13.0.0.4535, Zeitstempel 0x4fc8dda6, Ausnahmecode 0xc0000005, Fehleroffset 0x000e4238, Prozess-ID 0xe84, Anwendungsstartzeit 01cd468e03a14668. [ System Events ] Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 
07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = < End of report >

Since my PC is a 32-bit system, I also wanted to run GMER, but that doesn't work. A few seconds after the scan starts, a DOS-style screen appears with text beginning "Problem has been detected..." and then the PC shuts off and restarts. After that, GMER is no longer running. What could be causing this? Can I still get rid of the Trojan?

Thank you in advance for your help!

Malwarebytes Anti-Malware Logfile:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Jessica :: JESSICA-PC [Administrator]

12.06.2012 16:08:59
mbam-log-2012-06-12 (18-26-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343463
Laufzeit: 1 Stunde(n), 39 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|office (Trojan.Agent) -> Daten: "C:\Windows\system32\rundll32.exe" C:\Users\Jessica\AppData\Local\Temp\1352388.dll,S -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Jessica\AppData\Local\Temp\arp.bat (Spyware.OnLineGames) -> Keine Aktion durchgeführt.
C:\Program Files\Common Files\c.reg (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Program Files\Common Files\ur.dll (Malware.Trace) -> Keine Aktion durchgeführt.

(Ende)

I can run GMER in safe mode, but saving didn't work last time (empty text file); I'll try again and then post it here as well.