Trojaner-Board


amanda_the_3 06.06.2010 14:39

Virus via ICQ: Gen:Trojan.Heur.cGW@tvCZhAn
 
Hello,

I'm new here; I searched but haven't found the right thing yet:

First of all, I have Windows Vista and use Avira AntiVir Personal as my antivirus program; however, the scan I spontaneously started with this program found nothing.

So, a friend wanted to send me a picture and then a link came, which I unfortunately clicked because I was expecting a very similar link (imageshack).

It is an image file (I think) that was sitting in my Downloads folder and has already crippled my Windows Explorer, meaning I can no longer access any folder and the Start menu is empty.
The file is called PIC0737830249202010.JPG.scr

The site hxxp://virusscan.jotti.org returned the following result: Gen:Trojan.Heur.cGW@tvCZhAn

I'm now completely at a loss; something like this has never happened to me, because I'm actually very careful.

What can I do now?

Kind regards
Amanda

Edit: I just read the thread a bit further down on a similar topic. I can't install Malwarebytes Anti-Malware 1.46 because supposedly there aren't enough system resources available...

amanda_the_3 06.06.2010 15:04

Running an OTL scan now.

Result:


cosinus 06.06.2010 15:09

OTL doesn't take long. Roughly 5 minutes.

amanda_the_3 06.06.2010 15:11

Please give me further instructions.

Regards, amanda

cosinus 06.06.2010 15:15

The log is incomplete!!
Please pack both log files into a ZIP file and attach it here.

amanda_the_3 06.06.2010 15:18

I got the thing as a txt file that simply opened, and I have no idea how to get that into a zip file...
Where do I get the second log file from?

cosinus 06.06.2010 15:24

The OTL.txt and Extras.txt are needed; you should find them directly on C:.
Select both files => right-click => Send to > Compressed (zipped) folder
Then attach the resulting ZIP file to your next post

amanda_the_3 06.06.2010 15:28

I can no longer access C:...

cosinus 06.06.2010 15:37

Then click Start > Run and type: notepad C:\OTL.txt
The OTL log should at least open again. Then select the entire text with CTRL+A and post the complete log!

amanda_the_3 06.06.2010 15:43

Attachment 7055

Attachment 7056

So, the zip file unfortunately doesn't work; I hope the txt files are enough.

Nothing at all is working today...

amanda_the_3 06.06.2010 15:52

Once more, like this:

OTL log file:
Code:

OTL logfile created on: 06.06.2010 15:59:47 - Run 1
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Users\Amanda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 106,63 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 7,90 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 1016,38 Mb Free Space | 99,55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMANDA-PC
Current User Name: Amanda
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Amanda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Amanda\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (0095201239898690mcinstcleanup) McAfee Application Installer Cleanup (0095201239898690) --  File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (SbAlg) -- C:\Windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\Windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\Windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\Windows\System32\drivers\SafeBoot.sys ()
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.12 11:30:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.22 18:46:32 | 000,000,000 | ---D | M]
 
[2009.04.16 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\mozilla\Extensions
[2010.05.28 10:55:53 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions
[2010.05.28 10:55:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.05.28 10:55:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Amanda\AppData\Roaming\mozilla\Firefox\Profiles\s0a9cmbq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.03 16:04:27 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-1.xml
[2010.04.05 20:59:21 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-2.xml
[2010.04.12 11:31:53 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-3.xml
[2010.05.05 21:24:12 | 000,000,950 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin-4.xml
[2010.03.17 12:45:01 | 000,000,955 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\icqplugin.xml
[2009.12.06 16:41:27 | 000,001,996 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\FireFox\Profiles\s0a9cmbq.default\searchplugins\suche-in-wikipedia.xml
[2010.04.22 18:46:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.14 16:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.04.12 11:30:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.12 11:30:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.12 11:30:15 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.12 11:30:15 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.12 11:30:15 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\setup\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.06 15:58:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010.06.06 15:51:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.06 15:47:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.06.06 15:47:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010.05.26 11:50:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\Meerschweinchen
[2010.05.26 09:08:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.05.25 10:08:19 | 000,000,000 | ---D | C] -- C:\ed489c9c21f4f0ce592776a9e7cc
[2010.05.23 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2009.04.16 15:01:53 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.04.16 15:01:52 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.06 15:59:57 | 002,883,584 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT
[2010.06.06 15:58:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010.06.06 14:12:19 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.06 14:12:19 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.06 06:53:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.06.01 18:51:03 | 000,000,680 | ---- | M] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2010.05.31 18:55:26 | 000,000,054 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2010.05.31 18:55:26 | 000,000,039 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2010.05.31 18:55:17 | 000,000,474 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.28 10:44:59 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.05.28 10:44:15 | 2947,432,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.28 09:42:10 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.05.28 09:41:58 | 000,524,288 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.05.28 09:41:58 | 000,065,536 | -HS- | M] () -- C:\Users\Amanda\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.05.28 09:41:39 | 002,377,639 | -H-- | M] () -- C:\Users\Amanda\AppData\Local\IconCache.db
[2010.05.27 17:45:37 | 000,000,326 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAmanda.job
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2010.02.24 20:50:40 | 000,047,104 | ---- | C] () -- C:\windows\System32\KMVIDC32.DLL
[2009.11.05 14:21:07 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009.10.22 12:38:44 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009.06.03 13:21:33 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2009.04.16 15:01:53 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.04.16 15:01:53 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.04.16 15:01:53 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009.02.28 01:18:28 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll
[2008.07.23 15:38:17 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.07.23 15:38:17 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.07.23 15:38:17 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.07.23 15:38:17 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.07.23 15:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.30 18:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.21 11:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
< End of report >

--- --- ---

OTL Logfile:
Code:

OTL Extras logfile created on: 06.06.2010 16:21:55 - Run 1
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Users\Amanda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 106,63 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 7,90 Gb Total Space | 0,79 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 1016,38 Mb Free Space | 99,55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMANDA-PC
Current User Name: Amanda
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB5ED61-1530-4297-86A0-6843A3E540AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BFA1A1D-B0C6-4DEB-9A7F-9ED32242634F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{207E302F-76FF-4BFC-977A-DE014BEF164C}" = lport=445 | protocol=6 | dir=in | app=system |
"{2668E148-6073-4985-ADE6-4FCC058F8B6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AB8C25A-E1ED-4180-8560-3390A9EEA070}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{44511208-0329-4EC5-B367-5574C3138068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{46C2894E-E496-4425-8299-65B4F3902EA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DD1C650-DB1E-425D-BE0F-0D37402B4155}" = lport=139 | protocol=6 | dir=in | app=system |
"{7A8F35FF-91BC-4D1D-BE89-085BAF77E1E6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7D4DD2A4-E582-44C4-9CC8-6965372D9663}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8336126B-7940-4317-A05D-31825DEBB22A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{93688B8B-0D98-4E67-AB1B-61CFEB1D67AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{9C93ABF5-5D8B-43A1-BED9-4C6F9D773B4D}" = lport=138 | protocol=17 | dir=in | app=system |
"{A87B9D60-E027-4D08-BA9F-22986310D585}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF85BCEA-6DDB-4EFB-9692-5FA15CBD0482}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C0C05712-0820-4AEF-B4B2-2D4AD2222DD1}" = lport=137 | protocol=17 | dir=in | app=system |
"{D65C45C0-F1E1-416A-BFF2-BD4005C0B880}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DC92C7FF-09B3-4D48-BF1B-DD1AD8883079}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB68D4CF-FC6D-43EE-AE2E-8296405BCD42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC07229E-0D24-40DA-AF20-F8F09840FE3D}" = rport=138 | protocol=17 | dir=out | app=system |
"{F5450EB1-C1E1-442D-B047-A4F3094E2A57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019BCCEE-B0A6-43A6-A8C4-5266C3A30193}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B0F32B9-566F-4B00-BF0A-1E8F040EDD8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1AD35ED0-A4B0-4B03-A914-2724B25DF6C5}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{1BD696C1-FA30-4314-B631-D5EDCFB08477}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22B84974-1EBE-47BF-89A0-BCEE41F4EE2B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3959E5C4-93D5-4FE1-806F-3AAE73A1CD55}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{47515DC5-40E3-4C75-979B-4DD18926717B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{62ED8F0B-D4BB-47C9-96F9-B60F70930ABB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{63B08FCB-497E-43AD-A734-69F2491F1E71}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{73A82066-F7E7-4F77-9903-8834AE14ACF5}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{80D9562D-E161-45A8-835B-E546DECCB1A4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{90CA9CB9-F0C9-4BD2-8F55-FB8DB136B208}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FC76D00-3F99-45CE-BFEB-957F4D60E00C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6AF44FA-74F3-4C4B-B044-E2E0AD036954}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3366F78-2071-4CE2-9166-03467CF9BE8B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0992A499-F3CA-48CF-AF74-77D92526F9E6}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe |
"TCP Query User{414F725F-A982-409E-803D-910EBBBD6180}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{48A4F89D-3B74-4320-9075-E75C7579EEBD}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe |
"TCP Query User{4EA86154-E6B7-45DC-BA5A-31C2A24CDB9E}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe |
"TCP Query User{626DF298-EB9D-4DCD-A0F2-8EBECD006AF0}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe |
"TCP Query User{839A5E70-D6C6-45A8-8A16-76EF80718DC8}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{9AA8787F-AB68-4FD4-80B4-32F1A5CCDDBC}C:\program files\surfmusik 3.1\surfmusik.exe" = protocol=6 | dir=in | app=c:\program files\surfmusik 3.1\surfmusik.exe |
"TCP Query User{B420E171-A468-4E71-8DCC-60A891A3DFBD}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{F853BB57-F280-4F8E-BEDB-00BA08C78031}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{07EA5787-E37F-4D4C-9DAF-C2386CB719F3}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{21DB01A9-5043-4CED-AC45-B05C401081B4}C:\program files\surfmusik 3.1\surfmusik.exe" = protocol=17 | dir=in | app=c:\program files\surfmusik 3.1\surfmusik.exe |
"UDP Query User{231C54D6-EB00-4134-B7C7-4E9DFF7C85CD}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{5FC8C5CE-4929-4D51-A40E-12137EBD82D1}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\half-life\hl.exe |
"UDP Query User{7A8290F5-50A2-4770-96C5-32B021DFD0C7}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe |
"UDP Query User{A0BC9741-788E-4617-828A-EFD9A616A582}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{A4B76C91-591A-422C-AB0D-F30FB5868A99}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{AF70D0F2-2585-423E-9356-9DC77F214FE4}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\team fortress 2\hl2.exe |
"UDP Query User{FA9F8FDC-6731-49CE-A7CA-25C2D431943F}C:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mehrtuerer@farcryhq.com\opposing force\hl.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
"{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
"{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
"{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
"{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
"{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
"{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
"{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
"{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dorgem_is1" = Dorgem 2.1.0
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Gothic II" = Gothic II
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sweet Home 3D" = Sweet Home 3D
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2010 10:01:44 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 06.06.2010 10:03:42 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 06.06.2010 10:03:51 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3083
Description =
 
Error - 06.06.2010 10:03:52 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 06.06.2010 10:05:52 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 06.06.2010 10:07:51 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 06.06.2010 10:08:11 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3083
Description =
 
Error - 06.06.2010 10:08:14 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 06.06.2010 10:10:12 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 06.06.2010 10:12:12 | Computer Name = Amanda-PC | Source = Windows Search Service | ID = 3100
Description =
 
[ Credential Manager Events ]
Error - 13.06.2009 07:03:23 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.  Benutzer:
 Amanda@Amanda-PC  Client-GUID: {Password}  Fehler: 0xC516020B  Client-Host: localhost

Client-Adresse:
 127.0.0.1  Authentifizierungsstelle: HP  Server-Host: localhost  Protokoll: HTTP
 
Error - 13.06.2009 07:03:23 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort  Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 28.06.2009 05:34:33 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.  Benutzer:
 Amanda@Amanda-PC  Client-GUID: {Password}  Fehler: 0xC516020B  Client-Host: localhost

Client-Adresse:
 127.0.0.1  Authentifizierungsstelle: HP  Server-Host: localhost  Protokoll: HTTP
 
Error - 28.06.2009 05:34:33 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort  Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 29.06.2009 10:28:27 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.  Benutzer:
 Amanda@Amanda-PC  Client-GUID: {Password}  Fehler: 0xC516020B  Client-Host: localhost

Client-Adresse:
 127.0.0.1  Authentifizierungsstelle: HP  Server-Host: localhost  Protokoll: HTTP
 
Error - 29.06.2009 10:28:27 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort  Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 03.07.2009 13:44:21 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort  Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 03.07.2009 13:44:21 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.  Benutzer:
 Amanda@Amanda-PC  Client-GUID: {Password}  Fehler: 0xC516020B  Client-Host: localhost

Client-Adresse:
 127.0.0.1  Authentifizierungsstelle: HP  Server-Host: localhost  Protokoll: HTTP
 
Error - 08.07.2009 13:48:41 | Computer Name = Amanda-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.  Benutzer:
 Amanda@Amanda-PC  Client-GUID: {Password}  Fehler: 0xC516020B  Client-Host: localhost

Client-Adresse:
 127.0.0.1  Authentifizierungsstelle: HP  Server-Host: localhost  Protokoll: HTTP
 
Error - 08.07.2009 13:48:41 | Computer Name = Amanda-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Amanda@Amanda-PC
Anmeldeinformationen:
 Kennwort  Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ OSession Events ]
Error - 23.08.2009 15:46:33 | Computer Name = Amanda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

amanda_the_3 06.06.2010 16:24

Arne, don't leave me hanging now...

Do you think anything can still be saved, or should I just wipe everything right away? :(

cosinus 06.06.2010 19:33

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{d4fabb52-ca08-11de-9839-002186e55935}\Shell\setup\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e6e7e7-7785-11de-b961-002186e55935}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
[2010.02.24 20:50:40 | 000,047,104 | ---- | C] () -- C:\windows\System32\KMVIDC32.DLL
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

amanda_the_3 07.06.2010 20:46

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.5.3 log created on 06072010_181731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 07.06.2010 21:36

Does Malwarebytes work now?
If not, does it work with this method? => http://www.trojaner-board.de/82699-m...tet-nicht.html

