Antivirus, firewall and other protection programs: ICQ Problem
Windows 7
All questions about operating firewalls, antivirus programs, anti-malware and anti-trojan software belong here. This is a discussion forum for security solutions for Windows computers. If you need help removing a trojan or because you have caught a virus, create a topic in the cleanup forums above.

29.04.2010, 16:34 | #1
ICQ Problem

Hello, I also have this ICQ problem where ICQ opens conversations on its own and then sends out links. Here I have a HijackThis logfile

Quote: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:24, on 29.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\Public\winsvcn.exe
D:\Programme\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WindowsUpdateManager] C:\Users\Public\winsvcn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: SMART board.txt
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 5066 bytes

Quote:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4051

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29.04.2010 17:20:58
mbam-log-2010-04-29 (17-20-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 284813
Laufzeit: 1 Stunde(n), 6 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Cryptload\ocr\filer.net\ocr_by_spider_b\Version4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Cryptload\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\Programme\Tune up\TuneUp.Utilities.2010.v9.0.2000.15.German.Keymaker.Only-CORE\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Here are the two OTL logs

Quote: Code:
OTL logfile created on: 29.04.2010 17:26:51 - Run 2 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Patrick\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,72 Gb Total Space | 72,36 Gb Free Space | 52,92% Space Free | Partition Type: NTFS Drive D: | 161,37 Gb Total Space | 72,08 Gb Free Space | 44,67% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PATRICK-PC Current User Name: Patrick Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Patrick\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Public\winsvcn.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Patrick\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC) DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC) DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) 
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.) 
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 12:17:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 12:17:26 | 000,000,000 | ---D | M] [2009.12.29 20:20:42 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2010.04.28 20:05:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\kpeo28yr.default\extensions [2010.04.27 20:50:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\kpeo28yr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.11 14:54:18 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\kpeo28yr.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.04.11 14:34:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\kpeo28yr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} 
[2010.03.18 14:56:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.18 14:56:51 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Programme\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262} [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.06 15:21:06 | 000,378,514 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 13045 more lines... 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [WindowsUpdateManager] C:\Users\Public\winsvcn.exe () O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SMART board.txt () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{72baa097-0f52-11df-9b71-001a923be07a}\Shell - "" = AutoRun O33 - 
MountPoints2\{72baa097-0f52-11df-9b71-001a923be07a}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O33 - MountPoints2\{7e997c1a-0049-11df-8be1-001a923be07a}\Shell - "" = AutoRun O33 - MountPoints2\{7e997c1a-0049-11df-8be1-001a923be07a}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found O33 - MountPoints2\{f25be648-0e4c-11df-a103-001a923be07a}\Shell - "" = AutoRun O33 - MountPoints2\{f25be648-0e4c-11df-a103-001a923be07a}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.29 15:36:06 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Musik-Test [2010.04.29 15:10:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes [2010.04.29 15:10:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.29 15:10:39 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.29 15:10:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.29 14:43:57 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.04.27 20:46:49 | 000,572,328 | ---- | C] (Ramsor) -- C:\Users\Patrick\Desktop\SimpleCSSHack.exe [2010.04.27 19:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Steamless CounterStrikeSource Pack [2010.04.26 14:01:27 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Praktikumsfotos [2010.04.21 15:16:45 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client [2010.04.14 14:18:27 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.14 14:18:27 | 003,548,040 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.14 14:18:25 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 14:18:23 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.14 14:18:23 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.11 13:09:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Musik [2010.04.09 20:01:35 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Command & Conquer Generäle Stunde Null Data [2010.03.31 17:02:44 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.03.31 17:02:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.03.31 17:02:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.03.31 17:02:42 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll ========== Files - Modified Within 30 Days ========== [2010.04.29 17:28:52 | 006,029,312 | -HS- | M] () -- C:\Users\Patrick\NTUSER.DAT [2010.04.29 17:25:36 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.29 17:25:36 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.29 17:25:08 | 000,102,217 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.04.29 17:25:07 | 000,102,217 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.04.29 17:24:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.29 17:24:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.29 17:24:22 | 000,252,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.29 17:24:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2010.04.29 17:23:45 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2010.04.29 17:22:37 | 000,524,288 | -HS- | M] () -- C:\Users\Patrick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.29 17:22:37 | 000,065,536 | -HS- | M] () -- C:\Users\Patrick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.29 17:22:35 | 006,291,456 | -H-- | M] () -- C:\Users\Patrick\AppData\Local\IconCache.db [2010.04.29 17:17:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.29 17:07:27 | 000,001,051 | ---- | M] () -- C:\Users\Patrick\Desktop\Counter-Strike Source - Verknüpfung.lnk [2010.04.29 16:09:37 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.29 16:09:37 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.29 16:09:37 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.29 16:09:37 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.29 16:09:37 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.29 15:10:47 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.29 14:43:58 | 000,001,874 | ---- | M] () -- C:\Users\Patrick\Desktop\HijackThis.lnk [2010.04.28 14:47:58 | 000,032,350 | ---- | M] () -- C:\Users\Patrick\Desktop\screen.jpg [2010.04.21 15:16:47 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.04.21 11:25:56 | 000,004,571 | ---- | M] () -- C:\Users\Patrick\Desktop\gentri. 
Patrick.notebook [2010.04.18 21:12:59 | 000,027,648 | ---- | M] () -- C:\Users\Patrick\Desktop\Aufteilung Gentrification.doc [2010.04.14 20:48:34 | 000,008,111 | ---- | M] () -- C:\Users\Patrick\Desktop\bild34.jpg [2010.04.14 14:43:27 | 000,002,073 | ---- | M] () -- C:\Users\Patrick\Desktop\Google Earth.lnk [2010.04.14 14:23:23 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.12 21:09:23 | 000,017,706 | ---- | M] () -- C:\Users\Patrick\Desktop\....notebook [2010.04.12 21:03:57 | 000,006,064 | ---- | M] () -- C:\Users\Patrick\Desktop\steffen.notebook [2010.04.11 20:01:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.04.11 20:01:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.04.09 20:26:36 | 000,000,991 | ---- | M] () -- C:\Windows\eReg.dat [2010.04.09 19:52:44 | 000,012,288 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010.04.29 17:07:27 | 000,001,051 | ---- | C] () -- C:\Users\Patrick\Desktop\Counter-Strike Source - Verknüpfung.lnk [2010.04.29 15:10:47 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.29 14:43:58 | 000,001,874 | ---- | C] () -- C:\Users\Patrick\Desktop\HijackThis.lnk [2010.04.28 14:47:58 | 000,032,350 | ---- | C] () -- C:\Users\Patrick\Desktop\screen.jpg [2010.04.27 20:40:22 | 000,345,088 | ---- | C] () -- C:\Users\Patrick\Desktop\SchoolHackCSS.exe [2010.04.21 15:16:47 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.04.21 15:16:10 | 000,004,571 | ---- | C] () -- C:\Users\Patrick\Desktop\gentri. 
Patrick.notebook [2010.04.18 21:12:58 | 000,027,648 | ---- | C] () -- C:\Users\Patrick\Desktop\Aufteilung Gentrification.doc [2010.04.14 20:48:33 | 000,008,111 | ---- | C] () -- C:\Users\Patrick\Desktop\bild34.jpg [2010.04.14 14:43:27 | 000,002,073 | ---- | C] () -- C:\Users\Patrick\Desktop\Google Earth.lnk [2010.04.14 14:23:23 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.12 21:09:23 | 000,017,706 | ---- | C] () -- C:\Users\Patrick\Desktop\....notebook [2010.04.12 21:03:57 | 000,006,064 | ---- | C] () -- C:\Users\Patrick\Desktop\steffen.notebook [2010.04.11 20:01:00 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010.04.11 20:01:00 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010.02.26 19:07:00 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2010.01.29 19:08:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.01.13 15:40:28 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.01.11 15:50:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll [2009.12.30 14:17:29 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004.08.13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report >

Quote: Code:
OTL Extras logfile created on: 29.04.2010 17:26:51 - Run 2 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Patrick\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,72 Gb Total Space | 72,36 Gb Free Space | 52,92% Space Free | Partition Type: NTFS Drive D: | 161,37 Gb Total Space | 72,08 Gb Free Space | 44,67% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PATRICK-PC Current User Name: Patrick Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BBA020-711A-462A-99A2-AF37E2757FD0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1CF7E248-B806-4FA7-9362-14E8970DE2FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EF5C130-6A0A-4A9F-AA2E-65E71108E555}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{269AC267-F7A3-4DBF-93F8-8F3561D2373B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{29C2F5E7-B538-4F8B-A5F3-3911D8F24968}" = rport=445 | protocol=6 | dir=out | app=system |
"{305ACDDC-F87A-43E3-887D-8A37DE10E34C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{33E3B683-D3E3-4DB9-9FCD-056C693DA492}" = rport=138 | protocol=17 | dir=out | app=system |
"{37215E9F-052C-4557-A456-4CFC83A945E1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5B7D9FB7-A059-4CB8-962A-092630A4F89B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{95B0CCD2-D38B-41B0-8C01-5EFFB55C4908}" = lport=445 | protocol=6 | dir=in | app=system |
"{9BCB0B3E-ADA2-4119-B5C2-5AF1C95AEA0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{9CA54C8C-51E1-4A3D-A2B6-D6C75BDE183E}" = lport=137 | protocol=17 | dir=in | app=system |
"{A0231888-D747-44F3-8674-1E90255AF54C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC6BA903-D1CE-478A-98C2-43BF0FB46FA5}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1E3BCCE-5174-4078-929B-46C069FE523D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C88418CF-3894-45A2-B8C4-F88B4DA20475}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CB704816-00A6-4DF3-B291-6B9D0DA70EAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D524843D-41FE-42C3-8C0A-AEBCD5F2CCE7}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004C9B88-9FDB-4E88-A42C-1DB279E1F851}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{0DB483A4-1B47-4F77-9D94-7D42E3C91B8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{16792C45-F6AC-418A-A71C-FBF2627031E3}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe |
"{1E943C23-ABB2-4DCF-8B81-0CF73E8199B7}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"{1E94919B-D2B0-4B86-A768-1F366D100D90}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"{27DD22C2-D7B2-4D6E-94E6-3A6F1B1892A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{29CB672E-57F2-4584-BD1D-E510801A2AAA}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{30702351-34CE-4A83-A7BE-9186A0435815}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{340D3B6C-8968-4EA4-A6AE-A54F33AF41D0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{35A0FF95-BFA4-44CF-A1AD-3AA84245D9C7}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{3AAA450A-6051-4F36-A4A1-D46B4BA232F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B92582B-D6DC-4DC6-B432-BE3F0425E0C8}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{46A47CFE-B73A-4FF3-8D2B-41FB7A359067}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"{53B697D8-FD6C-4B55-9AE5-1C82EE6A3817}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{55F64BFA-A345-4E3A-B770-DF5D0EF0C96C}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe |
"{5BB41705-94D8-4A2D-9024-649BE7BA4CA8}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"{5C5621A6-6F6C-48A1-96B4-E09CC49244B6}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe |
"{6F3E5786-D0D3-43FD-B986-67B8483AEA4B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{752BDC28-6931-4DF6-8EAB-541B7B703B71}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{8726FB67-8367-4139-9E24-2AD6BB5E4BAC}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader extreme.exe |
"{95D3597C-437D-4C26-940B-1CD7D1D392F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A6642E0A-99C3-4B2B-BA2F-CB781CCD19FD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{A7C86B56-FE8C-4607-B485-F5CE121EA113}" = protocol=6 | dir=in | app=c:\program files\steamless counterstrikesource pack\counter-strike source.exe |
"{AA5CBE17-CC6A-4F7C-BDB7-59AF689D2080}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{CFD8AA43-AACC-49B4-8988-F21425DFB15A}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe |
"{E2B991C5-F83A-4CB0-8080-D7FBBC3D0E51}" = protocol=17 | dir=in | app=c:\program files\steamless counterstrikesource pack\counter-strike source.exe |
"{E974A73D-7953-4600-B002-F0B36F0658D5}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe |
"{EDF2C480-065F-4DB8-B38B-54FCBC3B291B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F10C08C1-ADAE-40B0-BD47-A77BEB554BE2}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe |
"{F363D40E-393C-44C2-A512-512D2B6910B5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{F47CBAD6-CCE7-471F-AAEF-5D74A5D794B7}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader extreme.exe |
"TCP Query User{48629F9E-5555-493D-9695-93A44DE19E71}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat |
"TCP Query User{4CB00D87-8F66-4A9E-9E2C-F0C14351FCEA}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{576EF316-87BE-48E4-8DBF-D1C6FC17B9A6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{59397BE8-EEC7-4EFF-875F-5CAE568E3017}C:\program files\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steamless counterstrikesource pack\hl2.exe |
"TCP Query User{733F6058-4824-430B-9457-E71F245670E8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{90115CF0-9A81-46B8-8EE2-A527C6AEE0FA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{A7D8DBCB-0E6C-4462-B22A-60E41CC58806}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{B4477EEE-BE25-454B-9EF4-425106A838E7}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{C850D1E8-4C4D-48F2-9FF9-31436AB475FB}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{D7275F33-8063-433E-AC39-CFDD2B137BAB}C:\program files\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command and conquer generals\game.dat |
"TCP Query User{E0554505-76D0-45E1-981F-FF60121EF5D3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{00D5EE9F-7484-434F-B72A-217297BC4159}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{1A1902EE-94C2-4226-A3F9-F567B298DF9E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1A772393-234B-446F-A60E-E9AAA25E8905}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{2E0D21C0-0EC6-4487-8FCC-C8F0113591A6}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat |
"UDP Query User{2EE17EF0-0CFA-47DB-842F-4FA797DDA316}C:\program files\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steamless counterstrikesource pack\hl2.exe |
"UDP Query User{648FB524-A753-4EA6-A742-772971F4980B}C:\program files\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command and conquer generals\game.dat |
"UDP Query User{64F8A100-A206-4D79-8B7C-8DDF156A0F4D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{6A56C714-C155-49D7-BC74-5914DFB4F489}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{891FC9D0-02E3-4E1C-8EDC-32672A57393F}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{C4236580-2B47-4D75-86E1-252747F63512}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{CCEA24D2-FDF7-4980-BD16-3D244B8DAB10}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0A0719F0-AD56-42BA-B68C-EFFC330B6F13}" = SMART Notebook
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{2623A1E3-478A-4F4A-A522-3A3D784A0C9C}" = SMART Product Drivers
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EBA4A9-25D7-4F86-AB6D-0848C74CC3F8}" = Conceptronic 54Mbps Wireless Utility
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"HijackThis" = HijackThis 2.0.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{72EBA4A9-25D7-4F86-AB6D-0848C74CC3F8}" = Conceptronic 54Mbps Wireless Utility
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.04.2010 07:26:46 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4445c334, fehlerhaftes Modul scenefilecache.dll, Version 0.0.0.0, Zeitstempel 0x4474ce19, Ausnahmecode 0xc0000005, Fehleroffset 0x00003e2c, Prozess-ID 0x744, Anwendungsstartzeit 01cada32e3af1990.

Error - 12.04.2010 08:03:48 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4445c334, fehlerhaftes Modul scenefilecache.dll, Version 0.0.0.0, Zeitstempel 0x4474ce19, Ausnahmecode 0xc0000005, Fehleroffset 0x00003e2c, Prozess-ID 0xbcc, Anwendungsstartzeit 01cada382b244660.

Error - 16.04.2010 08:17:32 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 21.04.2010 14:17:05 | Computer Name = Patrick-PC | Source = Google Update | ID = 20
Description =

Error - 27.04.2010 14:06:46 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4445c334, fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x47e2d72b, Ausnahmecode 0xc0000005, Fehleroffset 0x00a3553e, Prozess-ID 0x964, Anwendungsstartzeit 01cae63205e51ee6.

Error - 27.04.2010 14:40:15 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm SchoolHackCSS.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 484 Anfangszeit: 01cae6390ad17af6 Zeitpunkt der Beendigung: 6

Error - 27.04.2010 14:40:58 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm SchoolHackCSS.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e4c Anfangszeit: 01cae639247ef776 Zeitpunkt der Beendigung: 6

Error - 27.04.2010 14:47:53 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel 0x49e01e78, fehlerhaftes Modul mshtml.dll, Version 7.0.6002.18226, Zeitstempel 0x4b966c50, Ausnahmecode 0xc0000005, Fehleroffset 0x000be3ae, Prozess-ID 0xeac, Anwendungsstartzeit 01cae63a1d979516.

Error - 29.04.2010 09:53:39 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winsvcn.exe, Version 0.0.0.0, Zeitstempel 0x4bd84bc8, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0x144, Anwendungsstartzeit 01cae7962952d5f4.

Error - 29.04.2010 10:04:53 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winsvcn.exe, Version 0.0.0.0, Zeitstempel 0x4bd84bc8, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0xe44, Anwendungsstartzeit 01cae7a4e6d1fe0a.
[ System Events ]
Error - 23.04.2010 12:03:42 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 24.04.2010 14:43:31 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 25.04.2010 08:10:15 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26.04.2010 07:28:16 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 27.04.2010 13:26:05 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28.04.2010 08:15:54 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28.04.2010 13:55:27 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29.04.2010 08:07:10 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29.04.2010 10:04:23 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29.04.2010 11:25:05 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Regards,
Patrick

Edited by patrick007 (29.04.2010 at 16:43) |
29.04.2010, 20:27 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | ICQ Problem Quote:
Using cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board. For you, it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), because this kind of dubious software quite often also contains keylogger and backdoor functions. After that, never touch anything like this again!
__________________ |
29.04.2010, 20:41 | #3 |
| ICQ Problem Yes, OK, I will most likely reinstall it tomorrow, but today I asked an acquaintance about the ICQ problem; it is probably caused by this C:\Users\Public\winsvcn.exe
If I reinstall the PC, this file will still be stored in Windows_old and will then surely do damage from there. Edited by patrick007 (29.04.2010 at 20:47) |