Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: heur\html.malware woher weiß ich dass es entfernt ist?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.11.2010, 22:54   #1
nadine123456
 
heur\html.malware woher weiß ich dass es entfernt ist? - Standard

heur\html.malware woher weiß ich dass es entfernt ist?



Hallo, hoffe mir kann jmd helfen egal, was ich mache, auch wenn nichts geöffnet ist erscheint von antivir immer wieder als Anlage beigefügte Mitteilung.

Mache ich jedoch einen kompletten Scan findet kein Programm etwas!?
Anbei schon mal die erste Logfile:
OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.11.2010 21:44:47 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 207,50 Gb Total Space | 134,09 Gb Free Space | 64,62% Space Free | Partition Type: NTFS
Drive D: | 25,37 Gb Total Space | 12,52 Gb Free Space | 49,35% Space Free | Partition Type: FAT32
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.19 21:42:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2010.11.03 20:55:27 | 000,434,344 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2010.11.03 20:55:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.03 20:55:27 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.03 20:55:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.29 17:57:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010.10.29 17:56:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.10.19 19:42:38 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.25 11:38:06 | 000,613,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.05.25 11:37:12 | 000,138,240 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.05.14 09:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010.05.11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010.02.03 08:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.04.01 15:31:20 | 006,025,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006.06.14 10:58:00 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.19 21:42:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.03 20:55:27 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.03 20:55:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.25 11:38:06 | 000,613,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.04.11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.06.14 10:58:00 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\XXX\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010.11.03 20:55:27 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.03 20:55:27 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.03.04 12:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.16 16:27:00 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.12.16 16:26:58 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.12.16 16:26:56 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.05 17:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 17:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 17:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.23 09:44:54 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008.04.01 17:07:02 | 002,113,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.03.25 08:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.11.21 10:17:34 | 000,327,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.08.31 11:42:06 | 000,192,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://maxdome.1und1.de/movieflat/index.php?mxdsid=7D1A91E066A51777FE5D811B2385D734.a01d11t11&y=0&x=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 18:37:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.20 00:50:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.06.20 00:59:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 17:57:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 17:57:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.06.20 01:00:03 | 000,000,000 | ---D | M]
 
[2008.10.21 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.11.19 20:38:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\fczas5ru.default\extensions
[2009.09.04 20:20:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\fczas5ru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 00:11:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\fczas5ru.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.07.19 23:52:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\fczas5ru.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.26 21:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\fczas5ru.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.12 19:57:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\fczas5ru.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.10 23:21:03 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\fczas5ru.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.10.26 21:31:49 | 000,000,168 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\fczas5ru.default\searchplugins\icqplugin.gif
[2010.10.26 21:31:49 | 000,000,618 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\fczas5ru.default\searchplugins\icqplugin.src
[2010.11.19 20:38:16 | 000,001,056 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\fczas5ru.default\searchplugins\icqplugin.xml
[2009.07.26 20:27:25 | 000,002,271 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\fczas5ru.default\searchplugins\surf-canyon.xml
[2010.10.29 19:42:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.08 21:43:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.19 23:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 19:42:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007.06.01 22:23:40 | 000,266,240 | ---- | M] (SumTotal Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\np32neur.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.22 20:57:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 20:57:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 20:57:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 20:57:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 20:57:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Frangipani Flowers.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Frangipani Flowers.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8e48fba3-f0d1-11de-9d25-000ae4cf0531}\Shell - "" = AutoRun
O33 - MountPoints2\{8e48fba3-f0d1-11de-9d25-000ae4cf0531}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.19 21:46:22 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\xxx\Desktop\mbam-setup.exe
[2010.11.19 21:41:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2010.11.19 21:28:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\TFC.exe
[2010.11.19 21:24:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\x
[2010.10.29 19:42:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.29 19:42:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.29 19:42:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.26 21:31:57 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.10.26 21:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.10.26 21:31:10 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.10.26 18:41:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.26 18:41:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.26 18:41:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.19 21:47:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.19 21:47:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.19 21:46:23 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\xxx\Desktop\mbam-setup.exe
[2010.11.19 21:42:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2010.11.19 21:40:17 | 000,091,722 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.19 21:40:17 | 000,039,164 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.19 21:40:17 | 000,029,730 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.19 21:40:17 | 000,018,902 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.19 21:32:56 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.19 21:32:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 21:32:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 21:32:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.19 21:32:32 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.19 21:31:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.19 21:29:10 | 000,026,112 | ---- | M] () -- C:\Users\xxx\Desktop\http.doc
[2010.11.19 21:28:57 | 000,002,631 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Word 2007.lnk
[2010.11.19 21:28:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\TFC.exe
[2010.11.19 21:26:19 | 000,030,842 | ---- | M] () -- C:\Users\xxx\Desktop\Avira.jpg
[2010.11.18 21:17:09 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E7C6EB18-C0EC-4F1E-8325-1B1A3480F72E}.job
[2010.11.18 20:45:10 | 000,023,552 | ---- | M] () -- C:\Users\xxx\Desktop\FLUG TFS.doc
[2010.11.03 20:55:27 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.03 20:55:27 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.10.29 19:25:26 | 000,027,648 | ---- | M] () -- C:\Users\Desktop\ICQ7.2.lnk

========== Files Created - No Company Name ==========
 
[2010.11.19 21:47:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.19 21:29:09 | 000,026,112 | ---- | C] () -- C:\Users\xxx\Desktop\http.doc
[2010.11.19 21:26:16 | 000,030,842 | ---- | C] () -- C:\Users\xxx\Desktop\Avira.jpg
[2010.01.02 03:07:55 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm
[2010.01.02 01:55:13 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.17 23:16:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.09 21:15:57 | 000,000,018 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\sys386lk.dat
[2009.02.09 21:15:00 | 000,000,010 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\hhxprot4
[2009.01.21 13:41:50 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLdNL.DLL
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.09 23:05:28 | 000,000,019 | ---- | C] () -- C:\Windows\geo.ini
[2008.09.30 23:29:43 | 001,689,817 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\UserTile.png
[2008.09.22 22:12:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008.09.16 18:26:44 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2008.09.16 18:26:44 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2008.09.16 18:26:44 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2008.09.16 18:26:44 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2008.09.15 01:02:37 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2008.08.17 14:03:44 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.08.07 20:47:52 | 000,004,182 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.08.07 20:47:52 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\081FDFC4B4.sys
[2008.08.07 19:52:56 | 000,002,510 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\wklnhst.dat
[2008.08.07 19:49:58 | 000,029,696 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.07 19:02:37 | 000,000,094 | ---- | C] () -- C:\Users\xxx\AppData\Local\fusioncache.dat
[2008.05.12 14:44:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.06 09:11:33 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.05.06 09:11:33 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.05.06 09:11:33 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.05.06 09:11:33 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.05.06 09:11:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.05.06 09:11:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.04.22 09:43:52 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.04.22 09:43:52 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.04.21 08:37:37 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.04.18 10:23:45 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008.04.18 06:16:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >
         
--- --- ---
[/code]


OTL Extras

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.11.2010 21:44:47 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\xxxxDesktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 207,50 Gb Total Space | 134,09 Gb Free Space | 64,62% Space Free | Partition Type: NTFS
Drive D: | 25,37 Gb Total Space | 12,52 Gb Free Space | 49,35% Space Free | Partition Type: FAT32
 
Computer Name: xxx-PC | User Name: xxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A74EA1-841A-451B-86EB-28F6E3D256E3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2358160A-E353-4667-BA34-DAC6BA606D27}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{23FD954E-39D1-4504-9080-FEA7028E142C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2620DA80-FF0C-41E6-A86F-215979A93B89}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2AADB02A-440F-4023-A918-5F8B910380FE}" = lport=443 | protocol=6 | dir=in | app=system | 
"{3FD499D0-77A4-4B0F-9CBB-E683BF9BDB09}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5F199FA4-BA6A-455D-A564-41CAF1015A57}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{61BD42DB-0742-4A0B-B5A0-59799C600D64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{71EF62A8-8593-442D-B233-FD3D587154AA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7773C818-5387-468B-AAA1-A84D2F260CF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{86AF70C4-D5D5-4B4D-85E2-C44A34C0CCD7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A164AB35-39C9-4E46-9A01-C79FDBE4B8C5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A92AA73A-FED4-4955-8769-3B05E2B46E83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2142A83-D9ED-4011-A748-779CB2C95BAC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B4DAC1F9-C0E1-4041-8378-7EB3C9A2B4CC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BC285526-2F74-4CF2-ABED-4FFFF45591B0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C272BE5E-B235-4F72-A8C0-9D278DC431AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C6F86FF2-A07B-43C0-9B92-1DFD112E97D4}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{D1EE5631-BC22-4D13-AE4E-D330DDB08583}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D354084C-105F-43A1-BE41-96FEF404D95F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D5C58D06-D384-483C-B47F-2E8EEFB5B3A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D868B43F-614D-445A-9F50-635C503A1CD6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0F122C9-564E-4403-8437-678B7D68D76A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EF12828D-6E7F-4E07-9E47-564D17B4C2ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F08369C0-F007-478C-8536-C62C56920198}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F8FF858A-5C94-4F09-9E91-F0CC7DA2F0F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FA3FA5E1-9BA7-47A0-AAFF-6F14EE36A576}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FB08E90F-4A67-4F66-9AC9-052D879C85A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{FB6BE64D-6AA7-429F-9564-2336191BF8C3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FBC7B731-FB04-485F-B722-5C358628647E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA4B00-AE38-4633-91AE-718B751BFD75}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{015E4808-2F25-4CB7-AF8A-4E976051D212}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{033B8F14-941D-4BD2-AB32-1642ECFE9554}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{09294453-04BD-4BCB-BDC4-785BC31FBC96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0CAC65BA-A9C1-4F63-966D-2D02F8BA09B8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{14BA903C-00D6-4B11-8BA2-30516BC00E45}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1E4DAA5F-B371-4B75-B8B1-F9F141C7114D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{240BB392-260D-4AFA-9AD4-613602C40F2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E9FF5EA-BBC9-4A6D-85CD-9ED0F4F113D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3AEDA408-7060-4255-86ED-18EB5781516A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3F3AE636-FE52-4F4C-817E-51672E882209}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3F4735A4-E8DB-4808-B813-869839F2A54C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{44D92A5E-8A47-46AA-89E5-DBF4644449A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4DDEE50E-5ED0-4318-96E8-7EB541862757}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{5234A64C-C56D-4F8E-B9DE-62019EA281AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{55311603-4F9C-4736-89A3-0D6E11B2A953}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5D30CCBD-7F98-4001-9E4A-E5C4D2EF0D97}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5F9F3EE1-DC9E-4ADA-B4BC-65C0356929D6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{61576647-288C-4110-AE52-3DE10D5A86FA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{748E7403-5389-4A6D-A8B2-48E60D895443}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{7D293CAC-C97D-4CE4-854B-3976B8E8A7B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{885A22CF-B302-4492-ADB0-D02791772078}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{93EFD39E-4F72-45B6-BBB1-272AE298A43D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A4D5E1D8-46C9-4145-A723-23CA132702F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B0A47993-4291-417B-9B26-2959C18B8BC8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{BA7B7F15-78F4-4F85-BADE-5E593DF3829C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{BB895811-5C95-40B6-B4EE-E7A56842FBE9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BE698B3F-DC01-4F79-9E6B-3AA57F6AAC0C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E017352A-D14E-4CF2-8538-3C5F88819E8E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E3EC6AE9-9CC5-47DE-8109-E9A73024F85E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F26F6FDB-C70B-4A6A-932A-4005E0AF5BFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3F5B721-9D84-4048-B78E-599D16CE7281}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FA071085-86C4-43FD-B722-AB5A462F77D5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FDF450C9-D184-4553-ADC1-C68D90298CEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{0AAABBD2-59DF-417F-8F5E-D9F9F8747A49}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{63EEA42E-F7A2-4B87-8809-624BBD667B6C}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{64DE4876-E28D-4360-8877-10474D596B27}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{66BE1F57-75BC-4037-BFBB-F7BF9A547F7D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{69B9DEEE-5589-44CD-805D-802D482F3C1E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A20E27F1-B1B8-4A1F-BCCC-37BD2BE42CA5}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{AF891D16-1576-4A18-A7AE-A6D789412549}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{CC2499FB-EA76-4E6A-933C-5B8C886DA070}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{D11699AD-DCDC-4B4E-A82B-700C96775936}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{EE8AB01F-75F7-40C7-B115-BB8CDD67DD82}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{FF3334FE-B78C-40CC-B1E7-8D9D8D9B262F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{0DF3ABCC-A18E-4D1A-8AE0-8AFAE2457A41}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{26B3B788-06C6-4534-9C91-A219E494E620}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{3DF33143-2E3B-4E54-BA06-5721F6D19850}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6C33F6FC-68FB-472C-B735-95140A8D9425}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6EA040DE-A336-4549-B30B-0C8FE08BF557}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{719B5E57-2EEF-4245-B2B2-743A975FF8A2}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{7B22B597-73BC-4C49-86E7-CD8EA92F134F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{8C4E3409-8B44-4C10-9AED-4641B6D4895D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{AD1E9787-1F7D-49D8-8887-699355F21BB6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D3E8A80D-256C-4C92-A629-5DE89C53130E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{E73C6A49-2083-4A28-AA0D-EFA09B9A9802}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18756A46-652E-4ED4-A029-C4940D59F09B}" = Nokia PC Suite
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23CE4550-F67C-4114-88DF-FE923BC13E7F}" = Medion Media Center 0
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C91D53E-0C23-4A79-A480-68A443D80100}" = PC Connectivity Solution
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF0038DC-A9B7-4F52-8CA4-C79A3CA631FA}" = ToolBook Neuron
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF164702-AF8B-4F2F-8038-74A4C536866B}" = Ulead DVD MovieFactory 5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"geotrainer_is1" = Geographie Trainer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nokia PC Suite" = Nokia PC Suite
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Videoload Manager" = Videoload Manager 2.0.2200
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.12.2009 16:23:17 | Computer Name = xxx-PC | Source = PerfNet | ID = 2002
Description = 
 
Error - 10.12.2009 16:23:18 | Computer Name = xxx-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 11.12.2009 02:19:03 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.12.2009 15:29:18 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.12.2009 20:59:05 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.12.2009 21:19:29 | Computer Name = xxx-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 11.12.2009 21:19:31 | Computer Name = xxx-PC | Source = PerfNet | ID = 2002
Description = 
 
Error - 11.12.2009 21:19:31 | Computer Name = xxx-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 12.12.2009 12:06:59 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.12.2009 07:35:48 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 12.01.2009 09:05:25 | Computer Name = xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2437
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 12.01.2009 09:07:23 | Computer Name = xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.08.2010 07:07:48 | Computer Name = xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 741
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06.09.2010 16:18:34 | Computer Name = xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.09.2010 14:44:47 | Computer Name = xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.11.2010 15:04:52 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.11.2010 03:20:52 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 18.11.2010 03:20:52 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.11.2010 13:57:01 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 18.11.2010 13:57:01 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.11.2010 15:27:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 19.11.2010 15:27:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.11.2010 16:33:11 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 19.11.2010 16:33:11 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.11.2010 16:38:19 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von nadine123456 (19.11.2010 um 23:04 Uhr)

Alt 19.11.2010, 23:12   #2
nadine123456
 
heur\html.malware woher weiß ich dass es entfernt ist? - Standard

heur\html.malware woher weiß ich dass es entfernt ist?



anhang hat wohl nicht funktioniert
Antivir sagt dass in der Datei C:\Users\XXX\AppData\Local\Mozilla\...\_CACHE_002_wurden ein Virus oder unerwünschtes Programm "HEUR/HTML.Malware" gefunden.

Der Zugriff auf diese Datei wurde verweigert.


Bitte wählen sie weitere Aktion und das kommt immer wieder!
__________________


Alt 20.11.2010, 16:21   #3
nadine123456
 
heur\html.malware woher weiß ich dass es entfernt ist? - Standard

heur\html.malware woher weiß ich dass es entfernt ist?



MBAM:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5154

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

20.11.2010 00:22:00
mbam-log-2010-11-20 (00-22-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 287335
Laufzeit: 1 Stunde(n), 29 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
der alarm von antivir kommt heute nicht mehr hier scheint ja auch nichts zu sein ist das denn jetzt weg oder sollte ich besser noch was anderes machen!?

wäre Dankbar über eine meinung dazu
__________________

Alt 20.11.2010, 16:34   #4
markusg
/// Malware-holic
 
heur\html.malware woher weiß ich dass es entfernt ist? - Standard

heur\html.malware woher weiß ich dass es entfernt ist?



hast du die datei in der avira quarantäne? schau mal unter avira, verwaltung.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.11.2010, 18:45   #5
nadine123456
 
heur\html.malware woher weiß ich dass es entfernt ist? - Standard

heur\html.malware woher weiß ich dass es entfernt ist?



Nein da ist nichts unter verwaltung, meinst du es könnte auch schon weg sein? Wo kann ich das denn sonst noch überprüfen?


Alt 20.11.2010, 19:12   #6
markusg
/// Malware-holic
 
heur\html.malware woher weiß ich dass es entfernt ist? - Standard

heur\html.malware woher weiß ich dass es entfernt ist?



scanne mal mit avira wie folgt
avira
http://www.trojaner-board.de/54192-a...tellungen.html
avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm.
klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten.
bitte auch unter verwaltung, planer, scan auftrag, darauf achten, das dieser über lokale laufwerke läuft! sonst werden die einstellungen nicht gültig.
den update auftrag auf 1x pro tag einstellen.
__________________
--> heur\html.malware woher weiß ich dass es entfernt ist?

Antwort

Themen zu heur\html.malware woher weiß ich dass es entfernt ist?
anlage, antivir, avgntflt.sys, avira, bho, combofix, corp./icp, error, euro, excel.exe, firefox, flash player, fontcache, google, heur, hijack, home, home premium, hotkey.sys, iastor.sys, iexplore.exe, launch, limewire, location, logfile, media center, microsoft office word, mozilla, nodrives, nvstor.sys, office 2007, oldtimer, plug-in, programdata, programm, realtek, registry, saver, scan, searchplugins, security, security scan, security update, senden, shell32.dll, skype.exe, software, svchost.exe, system restore, uleadburninghelper, usb 2.0, vista



Ähnliche Themen: heur\html.malware woher weiß ich dass es entfernt ist?


  1. Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist?
    Log-Analyse und Auswertung - 20.06.2012 (23)
  2. AntiVir hat Malware gefunden; HEUR/HTML.Malware
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (3)
  3. Malware Trace, HEUR/HTML.Malware
    Log-Analyse und Auswertung - 02.12.2011 (30)
  4. HEUR/HTML.Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 06.06.2011 (28)
  5. HEUR/HTML.Malware von AV bei IE
    Plagegeister aller Art und deren Bekämpfung - 08.07.2010 (1)
  6. TR/Agent.AR,TR/Click.Klik,HEUR/HTML.Malware,HTML/Crypted.Gen, dwwin.exe, drwtsu32.exe
    Plagegeister aller Art und deren Bekämpfung - 25.05.2010 (1)
  7. werde Malware nicht los z.B. HEUR/HTML.Malware [heuristic
    Log-Analyse und Auswertung - 31.03.2010 (10)
  8. Malware Problem HEUR/HTML.Malware
    Log-Analyse und Auswertung - 29.03.2010 (1)
  9. HEUR/HTML.Malware
    Plagegeister aller Art und deren Bekämpfung - 20.11.2009 (28)
  10. heur/html.malware
    Plagegeister aller Art und deren Bekämpfung - 05.08.2009 (1)
  11. TR/Rootkit.Gen & HTML/Infected.WebPage.Gen' & HEUR/HTML.Malware gefunden
    Log-Analyse und Auswertung - 25.06.2009 (31)
  12. EXP/ASF.GetCodec.Gen,HEUR/HTML.Malware,TR/Dropper.Gen,HEUR/HTML.Malware
    Plagegeister aller Art und deren Bekämpfung - 10.04.2009 (17)
  13. HEUR/HTML.Malware
    Plagegeister aller Art und deren Bekämpfung - 19.01.2009 (1)
  14. HEUR.HTML/Malware
    Mülltonne - 15.12.2008 (0)
  15. HEUR/HTML.Malware
    Mülltonne - 10.12.2008 (2)
  16. HEUR/HTML Malware, .vbs ????
    Plagegeister aller Art und deren Bekämpfung - 22.06.2008 (4)
  17. Heur/HTML Malware
    Log-Analyse und Auswertung - 28.05.2008 (12)

Zum Thema heur\html.malware woher weiß ich dass es entfernt ist? - Hallo, hoffe mir kann jmd helfen egal, was ich mache, auch wenn nichts geöffnet ist erscheint von antivir immer wieder als Anlage beigefügte Mitteilung. Mache ich jedoch einen kompletten Scan - heur\html.malware woher weiß ich dass es entfernt ist?...
Archiv
Du betrachtest: heur\html.malware woher weiß ich dass es entfernt ist? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.