| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Probleme nach Trojaner und SystemwiederherstellungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.03.2011, 11:57
| #31 |
 |  Probleme nach Trojaner und Systemwiederherstellung Es ist noch genauso, wie ich es im 1. Beitrag beschrieben habe... wenn ich einen Ordner auf dem Desktop oder bei den eigenen Dateien anklicke steht da " dieser Ordner ist leer". Habe aber wie gesagt bei einem von den Scans die ich gemacht habe gesehen, dass genau die Ordner durchsucht worden sind und auch die einzelnen Lieder/Bilder die in dem Ordner vorher( vor dem Trojaner) drin waren...deshalb meinte ich, dass die Bilder/Lieder doch eigentlich auch da sein müssten. Wenn ich jetzt den Ordner "Bilder anklicke, werden mir die ganzen Unterordner angezeigt, sogar mit den Vorschaubildern (hoffe du weißt was ich meine...), wenn ich dann aber einen von den Ordnern anklicke steht da "der Ordner ist leer"). Oder bei Winamp lassen sich auch die Lieder abspielen, die in der Playlist waren, die ich vor dem Trojaner zuletzt geladen hatte (ich kann aber keine andere Playlist laden, weil ich die unter "Dokumente" gespeichert hatte und auch da keine Dateien mehr sind/bzw nicht angezeigt werden). Youtube und alles andere geht. Deshalb frag ich mich jetzt, ob die Dateien gelöscht worden sind oder noch da sind, nur nicht sichtbar.Mit der Systemwiederherstellung kann es ja nichts zu tun haben, weil an dem Datum auf das ich wiederhergestellt habe waren die Dateien alle schon drauf. |
|
27.03.2011, 21:24
| #33 |
| | Probleme nach Trojaner und Systemwiederherstellung 1.OTL Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 27.03.2011 22:05:35 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 30,99 Gb Free Space | 32,91% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 195,05 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Computer Name: ***C | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC4EAF2-D30E-46B3-8E9C-8B6DC0230082}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0ACDB04C-BF68-4789-B6BC-6A9100684758}" = lport=137 | protocol=17 | dir=in | app=system |
"{10CEA79A-F75A-4118-9FCC-24FB14888D9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{12C40389-F4AA-4B07-B02C-71B26DA9AC75}" = rport=137 | protocol=17 | dir=out | app=system |
"{1EB00D77-B053-4357-8433-40421ACCE722}" = rport=445 | protocol=6 | dir=out | app=system |
"{4208AA20-C8AA-4D7A-9D80-A746C7CAEBC7}" = lport=138 | protocol=17 | dir=in | app=system |
"{4AA1CB05-B3CA-4BD9-A523-977889C41162}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C7DCADF-E56F-4865-A504-9B28B1BEA969}" = lport=445 | protocol=6 | dir=in | app=system |
"{616923DC-AE32-4305-8385-CECF20AF4A79}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A0932FA-6D5B-4E68-8384-2FF0E0ED3E97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BFD31C53-47F3-4387-B7CB-9AB5A8617A0C}" = lport=139 | protocol=6 | dir=in | app=system |
"{E20C5825-4B77-420B-942D-61F61F56DB6F}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{163157D8-8E3D-40CB-B4F7-AE93D618FD2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1CBB2CED-69B0-493A-BD7D-920648EF69B3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2A3EF047-B65D-4728-82B9-57C3261BC8AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3F61C227-593F-4A0F-ADC9-1EED02710DC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4534C903-2B06-40C7-9964-893C99854CCB}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{49D107F6-C253-4C94-8CA3-B46DB33F0FF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{61774FA6-5012-4679-A245-12F9F08DDB82}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{7C354DA8-6EEA-44B4-8507-DDDA9F934635}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{8916AF0B-8B31-461B-8399-700EC4F0EE3F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{918CAF29-587F-4087-A64B-FA1D9280566C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9910490A-4947-41C7-B5F8-E9288C828A34}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{A18683AC-84A4-49E9-8A8B-817917FD78FE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{AA0F234E-020C-41D4-854A-61357E2EF01F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3683B96-E77F-4B5F-8C4E-0D23C07F9B52}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B643CB92-F220-4325-A4DE-8AF1FEDCC623}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BE5B488D-DEFB-42DA-ADB0-AD0D02913811}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{BFF05BA1-8F5D-450C-A12C-08B1A997C8F8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C7C4D1D0-6209-4CFC-A2BD-90BB1E4D90EE}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{CB7CF885-7A90-432F-931D-2DF301EEF76C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D2BE524F-3073-41E0-A2C6-81C5AC271662}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D475EA96-6740-42EE-9FF5-DA0329CC7358}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{DF946051-375D-489A-B1D1-D8548A68A569}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{E134DA2D-24CC-4DA2-820D-3A2F9142AA45}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E5A728EA-7959-4B66-82B1-96E7192B6D20}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E931E7F7-B149-4384-8A93-D714C5A72BB9}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EC4C3FFB-D19A-468D-AA38-E006DC883327}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{3C897222-2206-4562-ABB3-759E51823ECB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6DE602EA-0164-4373-90E2-B44F50B511E3}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{975A88E2-B638-4283-8837-FEB6CC48806A}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{B6AA7CA9-CDCC-43D0-B547-42BE95A75287}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{B8113162-5CFD-4869-A6F9-B1CFE5D8C8AC}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CBE3F5DA-8755-468D-8ABD-65463EAC1537}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{EA52A18E-C3CA-43ED-AD6D-A3F013D08A0A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6BB43954-7165-480E-8DA2-32E8ADEFFCF0}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{7946DD39-0D0D-4561-AB70-BA96422B1567}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{9C7ADB27-4DD1-4515-B8F8-3DE63E7CD578}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B25D2DA6-9A0A-4160-8493-B3AA7E320D13}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{DD68C35D-D5D5-4843-BC3B-883DAC10D9F9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{DF1684F1-BFE9-4455-9619-3F2AD0379F29}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F057C794-5510-4600-8386-B0693D45B8FB}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{016F5FA1-FD85-FA69-885F-96A03EEEF9C1}" = CCC Help Dutch
"{017C6E75-766C-DE1C-1B48-D0230CB155BC}" = Catalyst Control Center Localization Korean
"{021C8270-F2A6-C941-3A19-EBE139C966E7}" = Catalyst Control Center Graphics Full Existing
"{04FC3DE9-BC19-E2A2-2FB9-24684DA82A36}" = CCC Help Spanish
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05DD3745-0898-FCA7-0A52-689F128B84F9}" = CCC Help French
"{0739951F-27F4-F7FF-C26D-3C44A681933F}" = ccc-utility
"{099F2D26-B862-F04A-FC7B-E7B0B6196CA7}" = CCC Help Chinese Standard
"{0C58BA84-88A3-39FD-61DB-4DF780D1E0B9}" = CCC Help Polish
"{0C8DFC9B-FB65-1444-3E12-9DF64270347A}" = CCC Help Korean
"{139B7164-4C7B-BF85-4CA6-0DD5C611179B}" = Catalyst Control Center Localization Turkish
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D68B6D-4C3E-6771-1C77-4384BB653B9E}" = Catalyst Control Center Localization Chinese Traditional
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E719FE-F76D-0BF3-229D-7A9337458CD0}" = CCC Help German
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26D421BE-752E-1070-0C26-2DE993ED00B0}" = CCC Help Portuguese
"{2A63E819-5359-62CF-FCDB-3707391A08A0}" = CCC Help Chinese Traditional
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31F2D65F-84A8-D3AD-E3AF-DF127860E39E}" = CCC Help Turkish
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F026B88-D153-93DB-A99B-2A78AFEFF813}" = Catalyst Control Center Localization Polish
"{3F03121C-CA62-D0E1-7957-5C82A4CF3C69}" = Catalyst Control Center Localization Norwegian
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A34A3F-3597-AA37-E44B-9B95852055A9}" = CCC Help Swedish
"{4811A487-6830-E60D-CD37-816E46C8988D}" = Catalyst Control Center Localization Portuguese
"{49083280-8601-EF0D-EC78-6A8FD9C54172}" = CCC Help Thai
"{4A5DC837-AD1B-D80E-FDE5-4793DC47F695}" = CCC Help Finnish
"{4AAF1376-9CB5-B232-22EE-D0EE53ED9148}" = Catalyst Control Center Localization Danish
"{4EBE8518-B14F-B69E-082B-E6FB85F6B52E}" = CCC Help Italian
"{4F2E897D-39A4-73B7-6614-F1EC2B43A1B5}" = CCC Help Czech
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5413DF9C-4FCC-39A1-FB67-6945428DA718}" = Catalyst Control Center Localization Russian
"{55035C7B-61D2-1DC1-EC53-CFD01C3F82F9}" = CCC Help Hungarian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B5A6B3A-9DF7-4B81-9F29-5CC668406904}" = Pixia
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DCEC40-8854-B0B5-7828-A6E14DBE71EC}" = Catalyst Control Center Graphics Previews Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DC0B476-B032-83DE-9637-3F6809A344C1}" = Skins
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{766FF098-68AB-48BE-BF41-05708D178198}" = Wer wird Millionär
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774715EC-6B2F-092E-0221-B464A80F565A}" = Catalyst Control Center Localization Italian
"{78B1919F-EFDD-5A23-7393-7887C53BE013}" = CCC Help Danish
"{7E1043B7-AA4D-A877-9A26-D1B3E78DF051}" = CCC Help Norwegian
"{81758E18-D5EA-4049-844A-E2DDDDDA9798}" = CCC Help English
"{81794E08-21DA-189A-1DD5-AEDBBE0BE37B}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95104E32-1B84-0E33-14BE-BA115643629C}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9687697B-1055-E1E5-2D31-061CC502AB31}" = ATI Catalyst Install Manager
"{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98383302-798D-2089-9143-D64E35D666BD}" = Catalyst Control Center Localization Greek
"{9860F761-0ADB-1149-1A0D-1CBBFD693A3D}" = Catalyst Control Center Localization Finnish
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9D26F264-EFA2-31BB-D49F-380FD60207FA}" = Catalyst Control Center Core Implementation
"{A777FF2A-942F-CBB0-C36B-F9B72E95B7D9}" = Catalyst Control Center Localization Czech
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B1EEB795-48EE-AA3B-7CF9-5CE4B7883792}" = Catalyst Control Center Localization German
"{B3905755-64EC-422E-A4D9-644D6D8FDE5E}" = ccc-core-static
"{B3D068F7-34DD-2BB7-6F2F-D67274819ACC}" = Catalyst Control Center Localization Swedish
"{C698749A-7BB4-BE2A-9551-EC85C8A65E2F}" = CCC Help Greek
"{CA45B622-88F9-4836-A529-DBF14698498D}" = Catalyst Control Center - Branding
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF06DB43-2F14-EA98-AB1B-124FD65A8AEE}" = Catalyst Control Center InstallProxy
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.4
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D21E879C-8400-BEE3-23AB-9399DEF9F7D1}" = Catalyst Control Center Localization Hungarian
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DCA2E1BC-7FB4-217C-54C6-B99D4EA7FFCF}" = Catalyst Control Center Localization Dutch
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E7B4D6A2-D6B1-29A3-7720-C35599A8718B}" = Catalyst Control Center Localization Thai
"{EBFD0EFA-9AEF-D432-9330-717FE34FB717}" = Catalyst Control Center Localization French
"{ED3B736A-7C2E-35DB-0F33-E8C9CF101662}" = Catalyst Control Center Localization Chinese Standard
"{EECA2BE9-BB32-8E29-3293-536B600B04B4}" = Catalyst Control Center Localization Spanish
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E272DA-CB23-936D-268E-030DE425AD11}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F87C6FBE-FBD2-CC11-FF28-AC687D08EDF0}" = CCC Help Japanese
"{FD65BBF8-5EEB-BE96-44E8-5887B035E0F6}" = Catalyst Control Center Localization Japanese
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Blue Byte Game Channel" = Blue Byte Game Channel
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.30
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"Skinamp" = Skinamp for Winamp 2.x (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
2.OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.03.2011 22:05:35 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free 5,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 30,99 Gb Free Space | 32,91% Space Free | Partition Type: NTFS Drive D: | 195,14 Gb Total Space | 195,05 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Winamp\winamp.exe (Nullsoft) PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Launch Manager\WisKeyState.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\OSDCtrl.exe () PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) ========== Driver Services (SafeList) ========== DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 20:15:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 20:15:27 | 000,000,000 | ---D | M] [2009.09.12 19:45:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2009.04.22 16:46:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.03.24 20:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zf8kf1a0.default\extensions [2011.03.24 14:35:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zf8kf1a0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.24 14:35:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zf8kf1a0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.24 14:35:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zf8kf1a0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.24 20:12:42 | 000,002,349 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zf8kf1a0.default\searchplugins\icq-search.xml [2011.03.23 13:26:33 | 000,000,961 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zf8kf1a0.default\searchplugins\icqplugin-1.xml [2010.12.11 11:07:23 | 000,000,961 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zf8kf1a0.default\searchplugins\icqplugin-2.xml [2010.12.17 14:03:21 | 000,000,961 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zf8kf1a0.default\searchplugins\icqplugin-3.xml [2011.03.14 18:56:30 | 000,000,961 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zf8kf1a0.default\searchplugins\icqplugin-4.xml [2011.03.24 20:17:26 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zf8kf1a0.default\searchplugins\icqplugin-5.xml [2011.03.24 20:23:11 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zf8kf1a0.default\searchplugins\icqplugin-6.xml [2010.05.12 18:40:48 | 000,001,042 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zf8kf1a0.default\searchplugins\icqplugin.xml [2011.03.24 20:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.07.17 19:00:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} File not found (No name found) -- () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZF8KF1A0.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZF8KF1A0.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.03.24 20:20:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.) O4 - HKCU..\Run: [fsc-reg] C:\fsc-reg\fscreg.exe (Fujitsu Siemens) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.27 13:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars [2011.03.27 13:05:29 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars [2011.03.26 13:17:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PokerStars.NET [2011.03.25 17:59:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2011.03.25 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.03.25 17:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.03.25 17:58:55 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.03.25 17:58:29 | 010,687,672 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\***\Desktop\SUPERAntiSpyware.exe [2011.03.25 16:22:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Online Solutions [2011.03.25 00:22:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\osam_autorun_manager_5_0_portable [2011.03.25 00:22:32 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2011.03.25 00:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.03.24 23:18:04 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.03.24 22:20:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\tdsskiller [2011.03.24 20:55:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.03.24 20:48:25 | 000,000,000 | ---D | C] -- C:\Cofi [2011.03.24 20:48:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.03.24 20:40:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.03.24 20:40:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.03.24 20:40:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.03.24 20:40:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.24 20:36:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.03.24 20:08:56 | 000,000,000 | ---D | C] -- C:\_OTL [2011.03.24 17:01:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.03.24 16:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.24 16:59:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.24 16:59:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.24 16:59:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.24 14:09:50 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.03.24 14:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.03.24 04:41:07 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.03.24 04:17:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.03.24 04:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.24 04:16:47 | 000,000,000 | ---D | C] -- C:\Programme\herbert [2011.03.24 03:59:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP [2011.03.24 03:59:26 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Simply Super Software [2011.03.24 03:59:17 | 000,000,000 | -H-D | C] -- C:\Programme\Trojan Remover [2011.03.24 03:59:17 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Simply Super Software [2011.03.24 03:59:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Simply Super Software [2011.03.24 03:41:40 | 000,000,000 | ---D | C] -- C:\sh4ldr [2011.03.24 03:41:40 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2011.03.14 18:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.03.14 18:54:43 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ICQ [2011.03.14 18:54:29 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4 [2011.03.10 13:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\TDSSKiller.exe [2011.03.09 16:50:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\AVS4YOU [2011.03.09 16:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2011.03.09 16:49:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\AVSMedia [2011.03.09 16:48:57 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll [2011.03.09 16:48:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2011.03.09 16:48:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVS4YOU [2011.03.09 16:48:57 | 000,000,000 | ---D | C] -- C:\Programme\AVS4YOU [2011.03.08 22:33:42 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.08 22:33:42 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.08 22:33:42 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.08 22:33:42 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll ========== Files - Modified Within 30 Days ========== [2011.03.27 22:00:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.27 20:34:30 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.27 20:34:30 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.27 13:05:37 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk [2011.03.27 12:40:37 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.27 12:40:37 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.27 12:40:37 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.27 12:40:37 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.27 12:36:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.27 12:34:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.27 12:34:25 | 2380,316,672 | -HS- | M] () -- C:\hiberfil.sys [2011.03.25 17:59:01 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.03.25 17:58:41 | 010,687,672 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Ani\Desktop\SUPERAntiSpyware.exe [2011.03.25 16:29:56 | 000,311,296 | ---- | M] () -- C:\Windows\System32\drivers\ohekbae.sys [2011.03.25 00:26:28 | 000,080,384 | ---- | M] () -- C:\Users\***\Desktop\MBRCheck.exe [2011.03.25 00:09:55 | 004,272,474 | ---- | M] () -- C:\Users\***\Desktop\osam_autorun_manager_5_0_portable.rar [2011.03.25 00:03:29 | 276,551,926 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.03.24 23:44:55 | 000,301,568 | ---- | M] () -- C:\Users\***\Desktop\qygfgi4t.exe [2011.03.24 20:48:01 | 004,301,567 | R--- | M] () -- C:\Users\***\Desktop\Cofi.exe [2011.03.24 20:20:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011.03.24 20:14:15 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.24 17:01:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.03.24 16:59:38 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.23 16:21:50 | 000,016,478 | -H-- | M] () -- C:\Users\***\Documents\Summer.m3u [2011.03.22 00:11:37 | 000,049,040 | -H-- | M] () -- C:\Users\***\Documents\feb11.m3u [2011.03.14 18:56:24 | 000,001,615 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk [2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\***\Desktop\Anleitung.html [2011.03.10 13:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\TDSSKiller.exe ========== Files Created - No Company Name ========== [2011.03.27 13:05:37 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk [2011.03.25 17:59:01 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.03.25 16:29:56 | 000,311,296 | ---- | C] () -- C:\Windows\System32\drivers\ohekbae.sys [2011.03.25 00:26:09 | 000,080,384 | ---- | C] () -- C:\Users\***\Desktop\MBRCheck.exe [2011.03.25 00:07:35 | 004,272,474 | ---- | C] () -- C:\Users\***i\Desktop\osam_autorun_manager_5_0_portable.rar [2011.03.24 23:44:50 | 000,301,568 | ---- | C] () -- C:\Users\***\Desktop\qygfgi4t.exe [2011.03.24 20:47:30 | 004,301,567 | R--- | C] () -- C:\Users\***\Desktop\Cofi.exe [2011.03.24 20:40:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.24 20:40:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.24 20:40:31 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.24 20:40:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.24 20:40:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.03.24 20:14:15 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.24 20:14:15 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.24 16:59:38 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.14 18:56:24 | 000,001,615 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk [2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\***\Desktop\Anleitung.html [2009.09.01 13:41:39 | 000,000,680 | -H-- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.05.04 14:59:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2009.05.04 14:59:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2009.05.04 14:59:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2009.05.04 14:59:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2009.05.04 14:59:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2009.05.04 14:59:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2009.05.04 14:59:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2009.05.04 14:59:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2009.05.04 14:59:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2009.05.04 14:59:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2009.05.04 14:59:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2009.05.04 14:59:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2009.05.04 14:59:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2009.05.04 14:59:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009.05.04 14:59:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009.05.04 14:59:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2009.05.04 14:59:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2009.05.04 14:59:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009.05.04 14:59:16 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009.05.04 14:56:57 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini [2009.04.23 10:15:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.04.23 10:15:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.01.31 16:31:59 | 000,000,104 | -H-- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.12.12 20:54:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.12.12 20:54:28 | 000,033,280 | ---- | C] () -- C:\Users\Ani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.12 20:51:24 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.09.05 06:03:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.09.05 05:44:46 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2008.09.05 05:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.09.05 05:37:01 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.09.05 05:37:01 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.09.05 05:37:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.09.05 05:37:01 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,296,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.03.24 14:35:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2010.12.03 16:54:54 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.08.05 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2011.03.24 14:35:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2011.03.15 19:46:21 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.03.25 16:32:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Online Solutions [2011.03.24 03:59:17 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Simply Super Software [2010.10.04 15:49:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Template [2011.03.27 02:46:33 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
27.03.2011, 21:35
| #34 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Probleme nach Trojaner und Systemwiederherstellung Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.03.25 16:29:56 | 000,311,296 | ---- | C] () -- C:\Windows\System32\drivers\ohekbae.sys
[2011.03.24 03:41:40 | 000,000,000 | ---D | C] -- C:\sh4ldr
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.03.2011, 11:41
| #35 |
| | Probleme nach Trojaner und Systemwiederherstellung All processes killed ========== OTL ========== C:\Windows\System32\drivers\ohekbae.sys moved successfully. C:\sh4ldr folder moved successfully. Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "ICQ Search" removed from browser.search.selectedEngine ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: *** ->Temp folder emptied: 20179401 bytes ->Temporary Internet Files folder emptied: 34734931 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 389992247 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 2978 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 31201 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 424,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03282011_123602 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
28.03.2011, 13:00
| #36 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme nach Trojaner und Systemwiederherstellung Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
__________________ --> Probleme nach Trojaner und Systemwiederherstellung |
|
28.03.2011, 13:12
| #37 |
| | Probleme nach Trojaner und Systemwiederherstellung Super,hat geklappt Muss ich jetzt noch irgendwas machen? |
|
28.03.2011, 13:24
| #38 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme nach Trojaner und Systemwiederherstellung Kannst zur nochmaligen Kontrolle Malwarebytes ausführen, ist aber nicht unbedingt nötig. Eigentlich wäre wir durch - ist denn jetzt alles paletti bei deinem Rechner?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.03.2011, 14:01
| #39 |
| | Probleme nach Trojaner und Systemwiederherstellung Okay, habe nochmal einen Quickscan gemacht- wurde nichts gefunden! Ja ist alles wieder in Ordnung, Programme laufen wieder und die Dateien sind auch alle wieder sichtbar...Soll ich die Programme (OTL usw) mal drauflassen oder muss ich was löschen? |
|
28.03.2011, 18:27
| #40 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme nach Trojaner und Systemwiederherstellung Kann wieder alles runter. Malwarebytes kann hin und wieder aber sinnvoll sein. Dann wären wir durch!  Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink: Mozilla und andere Browser => http://filepony.de/?q=Flash+Player Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.03.2011, 19:43
| #41 |
| | Probleme nach Trojaner und Systemwiederherstellung Alles klar, hab alle Updates installiert! Vielen, vielen Dank für die Hilfe, ohne dich wär ich wohl verloren gewesen  |
|
| Themen zu Probleme nach Trojaner und Systemwiederherstellung |
| dateien, desktop, error, folge, folgende, hören, icons, internet, klicke, leer, meldung, neu, nicht mehr, plötzlich, probleme, programm, ram memory failure, recovery, server, software, systemwiederherstellung, trojaner, version, windows, überhaupt, öffnen |
Linear-Darstellung
