Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Malware Defense, Antivir Blocker, Kaspersky Blocker

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.01.2010, 14:25   #1
bibi68
 
Malware Defense, Antivir Blocker, Kaspersky Blocker - Icon16

Malware Defense, Antivir Blocker, Kaspersky Blocker



Hallo,
habe exakt das selbe Probl. und wollte nicht extra ein neues Thema eröffnen... habe durch ad aware den malware defense in quarantäne stecken können, habe nun den CCleaner benutzt, aber auch bei mir lässt sich antivir nicht öffnen, auch nicht nach neuinstall.
Habe nun den GMER scan benutzt (da sich kein anderer öffnen liess) und hoffe, mir kann jemand helfen.
...

P.S. kann die logdatei nicht hier einfügen, sind erstaunliche 749000 Zeichen
P.P.S
Auch Systemwiederherstellung und defrag funzen nicht.... konnte nun die log datei nicht abspeichern, da ich einen neustart machen musste, da sich nach dem scan kein prog. öffnen liess

Geändert von bibi68 (06.01.2010 um 14:40 Uhr)

Alt 06.01.2010, 14:49   #2
bibi68
 
Malware Defense, Antivir Blocker, Kaspersky Blocker - Standard

Malware Defense, Antivir Blocker, Kaspersky Blocker



Der OTL von der ersten Seite ging nun und ist nicht so lang: Datei1, OTL.Txt

OTL logfile created on: 06.01.2010 15:42:50 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 102,00 Mb Available Physical Memory | 20,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 7,29 Gb Free Space | 24,90% Space Free | Partition Type: NTFS
Drive D: | 42,97 Gb Total Space | 38,93 Gb Free Space | 90,60% Space Free | Partition Type: NTFS
Drive E: | 42,22 Gb Total Space | 9,56 Gb Free Space | 22,64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIANKA
Current User Name: Aschwege Clan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Temp\settdebugx.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Programme\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - E:\alles_neu\installer\memturbo.exe (SharewareOnline.com, Inc.)
PRC - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\ThreatFire\TFWAH.dll (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ThreatFire) -- C:\Programme\ThreatFire\TFService.exe (PC Tools)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PxHelp20) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (NWRDR) -- C:\WINDOWS\system32\drivers\nwrdr.sys (Microsoft Corporation)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (emu10kx) Creative EMU10K1/EMU10K2 Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\e10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (QCEmerald) -- C:\WINDOWS\system32\drivers\OVCE.sys (Microsoft Corporation)
DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation)
DRV - (PfModNT) -- C:\WINDOWS\system32\PfModNT.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.04.22 12:16:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.07.28 12:54:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.12.16 12:46:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.12.16 12:45:44 | 00,000,000 | ---D | M]

[2009.12.16 12:46:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aschwege Clan\Anwendungsdaten\Mozilla\Extensions
[2009.12.16 12:46:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aschwege Clan\Anwendungsdaten\Mozilla\Firefox\Profiles\c71mht36.default\extensions
[2009.12.16 12:45:44 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.02 09:31:53 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 09:31:53 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.02 09:31:53 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.02 09:31:53 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.02 09:31:53 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (901 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Jet Detection] C:\Programme\Creative\SBAudigy\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Programme\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [settdebugx.exe] C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Temp\settdebugx.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpySweeper] C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Aschwege Clan\Startmenü\Programme\Autostart\MemTurbo.lnk = E:\alles_neu\installer\memturbo.exe (SharewareOnline.com, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Aschwege Clan\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1224703622 (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211469163220 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} http://www.schueler.cc/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/ASCHWE~1/LOKALE~1/Temp/msoclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.12.31 22:48:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{90f84b77-e712-11de-8b42-000d615d585e}\Shell - "" = AutoRun
O33 - MountPoints2\{90f84b77-e712-11de-8b42-000d615d585e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{90f84b77-e712-11de-8b42-000d615d585e}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\C - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.06 14:06:18 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.01.06 14:06:18 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.01.06 14:06:18 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.01.06 14:06:16 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.01.06 14:06:11 | 00,000,000 | ---D | C] -- C:\Programme\Avira
[2010.01.06 14:06:11 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.01.06 14:02:46 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Aschwege Clan\Recent
[2010.01.06 13:04:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.01.06 11:33:55 | 00,059,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010.01.06 11:33:55 | 00,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010.01.06 11:33:55 | 00,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010.01.06 11:33:54 | 00,000,000 | ---D | C] -- C:\Programme\ThreatFire
[2010.01.06 11:33:54 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.01.02 17:48:54 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Aschwege Clan\Anwendungsdaten\SecuROM
[2010.01.02 17:48:44 | 00,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.01.02 17:24:14 | 00,000,000 | ---D | C] -- C:\Programme\UbiSoft
[2009.12.17 14:25:36 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\Downloads
[2009.12.16 12:45:57 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2009.12.16 12:45:39 | 00,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2009.12.13 00:36:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009.12.12 13:44:16 | 00,000,000 | ---D | C] -- C:\Sounds
[2009.12.12 13:40:37 | 00,000,000 | ---D | C] -- C:\Programme\LG Electronics
[2009.12.12 13:38:37 | 01,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2009.12.12 13:38:37 | 00,630,784 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\vsflex8u.ocx
[2009.12.12 13:38:37 | 00,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2009.12.12 13:38:37 | 00,244,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msflxgrd.ocx
[2009.12.12 13:38:29 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aschwege Clan\Anwendungsdaten\LG Electronics
[2009.12.12 13:38:28 | 00,000,000 | ---D | C] -- C:\Programme\LG PC Suite II
[2009.12.10 15:47:03 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Anwendungsdaten\ManyCam
[2009.12.07 19:05:09 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aschwege Clan\Desktop\sniper
[2009.09.19 01:24:46 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.09.19 01:19:26 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2008.02.08 21:52:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2002.12.31 23:04:20 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2002.12.31 23:04:13 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2002.12.31 23:04:13 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2001.09.11 13:05:52 | 00,049,152 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[117 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.06 15:34:01 | 00,000,557 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Startmenü\Programme\Autostart\MemTurbo.lnk
[2010.01.06 15:33:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.06 15:33:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.06 15:33:18 | 53,640,3968 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.06 15:31:52 | 13,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\ntuser.dat
[2010.01.06 15:31:52 | 00,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-00531102}.rfx
[2010.01.06 15:31:52 | 00,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-00531102}.rfx
[2010.01.06 15:31:52 | 00,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-00531102}.rfx
[2010.01.06 15:31:52 | 00,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-00531102}.rfx
[2010.01.06 15:31:52 | 00,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.01.06 15:31:52 | 00,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.01.06 15:31:52 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-00531102}.dat
[2010.01.06 15:31:52 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-00531102}.dat
[2010.01.06 14:07:02 | 00,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.01.06 13:56:20 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\ntuser.ini
[2010.01.06 13:39:43 | 00,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Desktop\cwprmimf.exe
[2010.01.06 11:33:56 | 00,000,601 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ThreatFire.lnk
[2010.01.06 11:22:19 | 03,778,236 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-00531102}.CDF
[2010.01.05 19:29:15 | 00,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.01.05 17:46:28 | 00,000,880 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2010.01.05 17:42:38 | 00,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2010.01.05 13:21:13 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.01.04 21:57:40 | 00,138,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.04 17:32:16 | 00,000,997 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.01.04 17:32:16 | 00,000,293 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.01.04 15:19:30 | 00,304,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\photothumb.db
[2010.01.03 10:46:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.02 23:35:51 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.01.02 17:48:44 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.01.02 17:45:38 | 00,001,976 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Desktop\Horsez - Abenteuer auf dem Reiterhof 5.lnk
[2010.01.01 17:15:01 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2009.12.17 21:01:45 | 00,031,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\4BC82F~1.jpg
[2009.12.17 18:29:06 | 00,013,413 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Desktop\last christmas.docx
[2009.12.17 15:05:03 | 00,491,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\11876_the_supremes.jpg
[2009.12.17 15:04:39 | 00,023,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\supremes3.jpg
[2009.12.17 14:26:37 | 00,020,753 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\supremes-2.jpg
[2009.12.16 12:46:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009.12.16 12:45:48 | 00,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2009.12.15 11:19:20 | 00,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009.12.13 16:30:18 | 00,552,671 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\screensh.matrix.2009.JPG
[2009.12.12 13:39:00 | 00,001,431 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LG PC Suite II.lnk
[2009.12.10 15:47:49 | 00,001,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Desktop\ManyCam 2.4.lnk
[117 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.06 14:07:02 | 00,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.01.06 13:39:43 | 00,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Desktop\cwprmimf.exe
[2010.01.06 11:33:56 | 00,000,601 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ThreatFire.lnk
[2010.01.05 17:46:28 | 00,000,880 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2010.01.05 17:42:38 | 00,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2010.01.02 17:45:38 | 00,001,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Desktop\Horsez - Abenteuer auf dem Reiterhof 5.lnk
[2009.12.17 21:01:45 | 00,031,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\4BC82F~1.jpg
[2009.12.17 18:29:05 | 00,013,413 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Desktop\last christmas.docx
[2009.12.17 15:05:02 | 00,491,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\11876_the_supremes.jpg
[2009.12.17 15:04:39 | 00,023,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\supremes3.jpg
[2009.12.17 14:25:59 | 00,020,753 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\supremes-2.jpg
[2009.12.16 12:46:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.12.16 12:45:48 | 00,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2009.12.13 16:30:18 | 00,552,671 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\screensh.matrix.2009.JPG
[2009.12.12 13:39:00 | 00,001,431 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LG PC Suite II.lnk
[2009.05.16 17:07:51 | 00,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.12.20 10:26:47 | 00,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008.11.25 16:33:01 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2008.10.06 19:10:31 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2008.08.06 14:37:19 | 00,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.07.28 12:54:37 | 00,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.07.23 17:50:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.07.23 17:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.07.23 17:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.07.23 17:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.07.01 15:59:36 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.02.26 15:48:12 | 00,157,032 | ---- | C] () -- C:\WINDOWS\System32\TwnPRO20.dll
[2008.02.26 15:48:09 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\TlxDlgUtil.dll
[2008.01.25 15:13:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\YaIgno.ini
[2008.01.25 15:10:48 | 00,000,498 | ---- | C] () -- C:\WINDOWS\YaChat.ini
[2007.12.18 22:24:10 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.12.18 21:56:56 | 00,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.02.05 20:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004.07.17 11:36:38 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.01.01 00:34:35 | 00,138,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002.12.31 23:54:04 | 00,000,021 | ---- | C] () -- C:\Programme\AVPersonalAVWIN.INI
[2002.12.31 23:51:09 | 00,024,992 | ---- | C] () -- C:\WINDOWS\Ctres.dll
[2002.12.31 23:51:09 | 00,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002.12.31 23:48:44 | 00,000,132 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2001.09.14 02:00:00 | 00,029,851 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2001.07.19 17:15:24 | 00,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[1999.01.22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2
< End of report >
__________________


Alt 06.01.2010, 14:50   #3
bibi68
 
Malware Defense, Antivir Blocker, Kaspersky Blocker - Standard

Malware Defense, Antivir Blocker, Kaspersky Blocker



Datei2: Extras.Txt

OTL Extras logfile created on: 06.01.2010 15:42:50 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Dokumente und Einstellungen\Aschwege Clan\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 102,00 Mb Available Physical Memory | 20,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 7,29 Gb Free Space | 24,90% Space Free | Partition Type: NTFS
Drive D: | 42,97 Gb Total Space | 38,93 Gb Free Space | 90,60% Space Free | Partition Type: NTFS
Drive E: | 42,22 Gb Total Space | 9,56 Gb Free Space | 22,64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIANKA
Current User Name: Aschwege Clan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\FlashFXP\FlashFXP.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\IncrediMail\bin\IMApp.exe" = C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\T-Online\Browser\Browser.exe" = C:\T-Online\Browser\Browser.exe:*:Enabled:T-Online Browser -- File not found
"C:\T-Online\Browser\dlman.exe" = C:\T-Online\Browser\dlman.exe:*:Enabled:T-Online Downloadmanger -- File not found
"C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7S1SSK9J\incredimail_install[1].exe" = C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7S1SSK9J\incredimail_install[1].exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LBG01SRO\incredimail_install[1].exe" = C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LBG01SRO\incredimail_install[1].exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Programme\Yahoo!\Messenger\YPager.exe" = C:\Programme\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Programme\Shareaza\Shareaza.exe" = C:\Programme\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing -- File not found
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Paltalk Messenger\paltalk.exe" = C:\Programme\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\Programme\YaChat Messenger\YaChat.exe" = C:\Programme\YaChat Messenger\YaChat.exe:*:Enabled:YaChat Messenger -- (YaChat)
"C:\Programme\YaChat Messenger\Radio.exe" = C:\Programme\YaChat Messenger\Radio.exe:*:Enabled:YaChat Radio -- (YaChat)
"C:\Programme\YaChat Messenger\update\update.exe" = C:\Programme\YaChat Messenger\update\update.exe:*:Enabled:YaChat Update -- (YaChat)
"C:\Programme\FlashFXP\FlashFXP.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Programme\Shareaza Applications\Shareaza\Shareaza.exe" = C:\Programme\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\WinMX\WinMX.exe" = C:\Programme\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Temp\ImInstaller\photomail_installer.exe" = C:\Dokumente und Einstellungen\Aschwege Clan\Lokale Einstellungen\Temp\ImInstaller\photomail_installer.exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1" = Spy Sweeper
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1031-7B44-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Horsez - Abenteuer auf dem Reiterhof 5" = Horsez - Abenteuer auf dem Reiterhof 5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IncrediMail" = IncrediMail 2.0
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire PRO 4.9.33
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PalTalk8.2" = PaltalkScene
"PhotoMail" = PhotoMail Maker
"PhotoScape" = PhotoScape
"QcDrv" = Logitech® Camera-Treiber
"RealPlayer 6.0" = RealPlayer
"Sound Blaster Audigy" = Sound Blaster Audigy
"TeamViewer 4" = TeamViewer 4
"Trellix2DeinstKey9" = Trellix Web
"UltraSnap Trial_is1" = UltraSnap Trial 1.8
"WebGraphics Optimizer Professional 4.2" = WebGraphics Optimizer Professional 4.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMX" = WinMX
"WinRAR archiver" = WinRAR Archivierer
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xara3D5" = Xara3D 5
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.12.2009 15:34:03 | Computer Name = BIANKA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3622, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.01.2010 12:20:38 | Computer Name = BIANKA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msiexec.exe, Version 3.1.4000.1823, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.01.2010 14:23:55 | Computer Name = BIANKA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Skype.exe, Version 4.1.0.166, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.01.2010 14:37:00 | Computer Name = BIANKA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.5730.13, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.01.2010 14:58:20 | Computer Name = BIANKA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung QuickTimePlayer.exe, Version 7.55.90.70, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.01.2010 15:10:38 | Computer Name = BIANKA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3622, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.01.2010 16:14:26 | Computer Name = BIANKA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung realplay.exe, Version 11.0.0.446, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 06.01.2010 08:31:10 | Computer Name = BIANKA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung _iu14D2N.tmp, Version 51.49.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 06.01.2010 08:53:59 | Computer Name = BIANKA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2649, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 06.01.2010 08:55:43 | Computer Name = BIANKA | Source = pctsSvc.exe | ID = 0
Description =

[ OSession Events ]
Error - 12.08.2009 13:59:42 | Computer Name = PRIVAT-CC654E57 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.11.2009 14:35:57 | Computer Name = PRIVAT-CC654E57 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.01.2010 09:08:18 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 06.01.2010 09:22:09 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7034
Description = Dienst "ThreatFire" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 06.01.2010 09:22:40 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst ThreatFire.

Error - 06.01.2010 09:22:40 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ThreatFire" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error - 06.01.2010 10:35:08 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira
AntiVir Planer.

Error - 06.01.2010 10:35:08 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 06.01.2010 10:35:08 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira
AntiVir Guard.

Error - 06.01.2010 10:35:08 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 06.01.2010 10:35:37 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.

Error - 06.01.2010 10:35:37 | Computer Name = BIANKA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053


< End of report >
__________________

Antwort

Themen zu Malware Defense, Antivir Blocker, Kaspersky Blocker
ad aware, log datei, nicht öffnen



Ähnliche Themen: Malware Defense, Antivir Blocker, Kaspersky Blocker


  1. AntiVir Blocker
    Log-Analyse und Auswertung - 09.02.2015 (9)
  2. firefox31: pop-up-blocker
    Log-Analyse und Auswertung - 24.09.2014 (7)
  3. Pop ups trotz Pop up Blocker
    Plagegeister aller Art und deren Bekämpfung - 31.07.2014 (6)
  4. Pop up trotz pop up Blocker
    Plagegeister aller Art und deren Bekämpfung - 17.07.2014 (5)
  5. Chrome Javascript blocker
    Antiviren-, Firewall- und andere Schutzprogramme - 10.09.2013 (1)
  6. Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafz
    Log-Analyse und Auswertung - 19.08.2013 (4)
  7. TR/Ransom.Blocker.cafz
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (3)
  8. TR/Ransom.Blocker mein OTL-Log
    Log-Analyse und Auswertung - 29.07.2013 (15)
  9. Trojan/Win32.Blocker
    Plagegeister aller Art und deren Bekämpfung - 01.04.2013 (3)
  10. Internetseiten Blocker
    Plagegeister aller Art und deren Bekämpfung - 20.03.2013 (19)
  11. Windows Blocker 50 Euro
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (12)
  12. Windows 50 Euro blocker
    Log-Analyse und Auswertung - 11.02.2012 (1)
  13. Malware Defense,Antivir Blocker,Kaspersky Blocker
    Plagegeister aller Art und deren Bekämpfung - 18.01.2010 (19)
  14. Malware Defense und Antivir wird geblockt
    Log-Analyse und Auswertung - 07.01.2010 (10)
  15. Google.de Blocker
    Plagegeister aller Art und deren Bekämpfung - 28.09.2005 (22)
  16. Ip Blocker
    Antiviren-, Firewall- und andere Schutzprogramme - 21.11.2004 (1)
  17. Dialer Blocker bei Conrad
    Plagegeister aller Art und deren Bekämpfung - 03.08.2003 (14)

Zum Thema Malware Defense, Antivir Blocker, Kaspersky Blocker - Hallo, habe exakt das selbe Probl. und wollte nicht extra ein neues Thema eröffnen... habe durch ad aware den malware defense in quarantäne stecken können, habe nun den CCleaner benutzt, - Malware Defense, Antivir Blocker, Kaspersky Blocker...
Archiv
Du betrachtest: Malware Defense, Antivir Blocker, Kaspersky Blocker auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.