Pests of all kinds and how to fight them: It started with Antimalware Doctor... Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
12.04.2010, 17:11 | #1
It started with Antimalware Doctor...

Hello,
yesterday evening around half past ten I unfortunately caught the "Antimalware Doctor". Since then I have been trying to fight the many viruses that are on my PC. I have already run the 2 programs several times: "rkill.com" and "Malwarebytes Anti-Malware". But I have the feeling there are more and more viruses... I'll post the latest logs:

rkill:
Code:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as *** on 12.04.2010 at 17:47:39.

Processes terminated by Rkill or while it was running:

C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\msfeedssync.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com
C:\Windows\system32\WerFault.exe

Rkill completed on 12.04.2010 at 17:48:13.

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3978

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

12.04.2010 18:08:04
mbam-log-2010-04-12 (18-08-04).txt

Scan type: Quick scan
Objects scanned: 107398
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_voidenvqmdspwx (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\_VOIDenvqmdspwx (Rootkit.TDSS) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\_VOIDaxugupxmtt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDbgsmqdronl.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDctutchvlou.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDenlqxxytht.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDhwnppopefl.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDiutxomiwti.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDjofsqnptbi.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDkdpbmtyhrv.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDpxggtvvkoa.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDpxvrepowcq.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDrfudxtrxby.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDrvebnwpcne.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDryaoxpbnlt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDsuhxrfwvha.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDuofjxprtxt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\_VOIDenvqmdspwx\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDkigymrthei.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDpwikyfmrir.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDuretdvqeov.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDwgelyipbtd.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDxlfioolxwk.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\_VOID356d.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

I hope you can help me.

Kind regards,
David
13.04.2010, 11:17 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | It started with Antimalware Doctor...

Hello and

Please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL
Please download OTL from OldTimer and save it to your desktop
14.04.2010, 15:35 | #3
It started with Antimalware Doctor...

Hello,
here is the Malwarebytes scan; the OTL one follows:

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3978

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

14.04.2010 16:31:23
mbam-log-2010-04-14 (16-31-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 360614
Time elapsed: 3 hour(s), 35 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\users\***\appdata\roaming\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe bnis.mxo yfklng) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\***\AppData\Roaming\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F864BKP6\update[1].exe (Spyware.Zbot) -> No action taken.
C:\Users\***\AppData\Local\Temp\pdfupd.exe (Spyware.Zbot) -> No action taken.
C:\Users\***\AppData\Local\Temp\A6B6.tmp (Spyware.Zbot) -> No action taken.
C:\Users\***\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\Windows\System32\bnis.mxo (Backdoor.Bot) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8X230067\update[1].exe (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\3F04.tmp (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\3F71.tmp (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\9932.tmp (Backdoor.Bot) -> No action taken.
C:\Windows\System32\qtplugin.exe (Rootkit.Agent) -> No action taken.

OTL: Extras.txt
Code:
OTL Extras logfile created on: 14.04.2010 16:37:09 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,81 Gb Total Space | 6,71 Gb Free Space | 2,92% Space Free | Partition Type: NTFS
Drive D: | 229,11 Gb Total Space | 119,09 Gb Free Space | 51,98% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,63 Gb Total Space | 77,17 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVIDSPC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EE2A1E-7F20-443B-8739-1E9F8081FEC1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{0A09C6F9-0163-4DC1-AFF1-0862CB983110}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1379DD78-D7B9-478A-B0F0-3650C7C59129}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{16AFF1F0-43FB-4CDA-8B37-A2C729AC09A9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{17593071-F416-4ECE-B2D2-8ACB33922866}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{1CD038EE-98AB-445B-BCF8-4E1159D18CE0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2465CFA6-D304-49B5-B96B-9F77CEBA7A01}" = lport=5357 | protocol=6 | dir=in | app=system |
"{256BC22C-90A4-4ADE-9B6B-8837720E69F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{25CE8382-7873-4B6B-A0C4-A555E79E0657}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C35F106-6D47-442D-B23E-63AE97106D00}" = lport=5358 | protocol=6 | dir=in | app=system |
"{3253E367-23DA-4350-819C-79D44D107EFF}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{3F7D3FB4-49F4-48F1-BD8D-DB6E8195FE1A}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{4048701D-5C0D-4B7B-9737-D86B7E6809E2}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{43F20B8C-D4AC-425E-9F30-1EEC2CF7AF66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{459F4031-FAC4-46CC-AC5D-04F68150F20C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B6B5258-20EC-48A5-81B4-9573243B10B2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{5240F548-9701-4E31-91C2-72C8F49863F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58DF95CB-C9D0-461A-9D4A-05D933D2350E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6638E1D8-BB5C-4AC0-B742-AA32F882F8C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{667E89E5-BDDD-4674-9C0B-3DB47DCD6246}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{68CE27F4-F25A-4D4B-962C-4AC111203ADF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{69BF0E1B-C4A8-446D-BBD4-FFBC05CD9AE9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{713531E6-286A-4C3B-925D-CA091D8EE48D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{762B721F-4F0F-4EF9-A5FC-FAF14FFD4841}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{7A233807-82F2-4D80-AF72-FD943DB0FED0}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{7F5ED039-6784-4024-9FA3-30E112840009}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8017D61C-6745-4CBF-8FD1-318D94A0E385}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{8B656A4D-D706-4C17-9565-5261987B7764}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{94F79589-FEE1-4600-8C05-C38DFAC3709B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{A34E16B2-EA6A-424C-99B4-822809012A90}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A751F8E7-DA58-4B43-B648-A0CBF1BBDE33}" = rport=5358 | protocol=6 | dir=out | app=system |
"{B08E3A34-A3C8-4C49-BD9E-AC4A96761FEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B14A5A55-42D5-47E8-8549-B9354DAFCF30}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{CE50F26A-B42D-4B82-8F2B-38CFCDF8EB6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3087E8E-E87A-4FA5-A12C-CA25D5644A05}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D7F4E072-A9F5-417D-AED0-0EDCE3448628}" = rport=5357 | protocol=6 | dir=out | app=system |
"{DAE8F91F-95A3-469A-8CD3-D0AD4E6A94DA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DC67F8BB-AE4F-455B-A5F9-9DFFD14846B9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{E540F1F2-4817-470A-805E-B3840E02DDF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7C9E8AC-A0AD-40D5-9CC6-277CBF607DCA}" = lport=57976 | protocol=6 | dir=in | name=akamai netsession interface |
"{EC7A9E08-0154-4020-A73C-A7055DBB48A5}" = lport=59970 | protocol=6 | dir=in | name=akamai netsession interface |
"{FC56C63D-6A18-4407-875F-20CDAC2F591D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{FFCF2230-ED96-4C41-B9B9-2D8F33717F9E}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5792F9-5A3C-4BE5-8400-9779F45BB1A5}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{14799621-F344-46FC-A273-0FE3BAD5C35A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{15E3526F-B238-43E1-A5DE-AB6CD4DACDF0}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{1682F178-1A2E-42C0-9D30-93E449BB34C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18D9C22E-C60C-46AA-9C68-ADC12B03EF49}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{1AB8B39F-D9BD-40CE-9FA2-74E548EFF867}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2825C47E-B280-4CE5-A860-61596C7017B2}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"{2A5C9940-44AF-41B2-A17D-62F2A05D6196}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{2DA401AB-1E12-44BB-A8DE-A30D42E16F1B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{3C3DB1FA-3B18-4546-8DD2-0A7DEADA9504}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{410A7BE2-1CE5-40FF-82DE-184F77E880AA}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{48855CBD-C253-4C7D-9A9A-579DB07FFF02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{48B25F86-353D-4635-9AE3-A8DDBF375E05}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe |
"{4CBED3B5-72A8-4CDB-ADF2-A74361BF4D59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{518F4446-0388-42E4-9274-F42683661ADA}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{55DB299D-57DC-4011-81C3-B0FF0E2B6EC5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{566F5AC6-C549-4D61-9DCB-AD54A7D9AE96}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5FC1BE43-C5EB-4314-B79D-4EBD9C125EE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6426E837-D814-41B1-9FE7-2463BDD8CD16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6699E87D-3AAB-43C3-966F-6C0D4C3090CC}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{6989DD07-E1D3-4B5D-AA77-417652B681C4}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{6B89A43F-25B4-4E8E-AD38-2E8CFE0F3201}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{702FACE1-6F8F-4BF8-B640-2AE1EA275829}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{736D5BF6-D440-427D-9999-30EC8C660764}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73A94B25-E83C-41DC-AE5C-B07E8C53B58F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77B53372-A875-4511-8D0F-B05A0926865D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F49931B-C181-4124-9067-13D75D0D5F0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85785B36-FD02-4CB1-9A9E-BA90E2E7AFF4}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{912E21DB-9B38-47A9-970E-9201DB9256A6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{92946682-A2EF-4C1B-BB3C-3FFE1586663D}" = protocol=6 | dir=out | app=system |
"{94FC8C0C-16A9-431D-92FE-DA24192410FB}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{9CAF373E-90C0-4F88-B63A-5A6C1C7329F8}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A8AC6FC2-8DE8-45B5-A6F4-284C375BDB50}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{ACF60C3C-39EA-4D78-BAD8-86689B265FEA}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{AD8D4707-90FE-4427-9C02-5E15FD294272}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{B0558042-4221-4FD0-B69A-429DF6A1758D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B152572B-AA70-48A3-84A2-7F06C824B4AB}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{B5B62133-180B-4A6D-8DFD-709202C5F860}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7C17E01-BBAF-4788-B05B-8EC39173C781}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{C2190D5A-89FA-4633-B4B7-5C4E420D7B94}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{DD45D94C-C9BE-4371-AA7C-0CFFE544C8EF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{DE017049-B22F-47C4-B984-AF15AEE80441}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E8C990F1-7FFF-4BA6-80E8-4756B88E79B8}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{EC49769A-05D9-4EC3-AA50-110E46EF1F98}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EDA68388-7309-40C6-8222-35A87DDE47C4}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe |
"{EFB8C8E5-C335-44B3-8CE8-19955D973C33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FA6E1A06-2075-4E47-8585-15B518C8B3D6}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe |
"TCP Query User{1E29CCC3-3920-4DCD-950E-2D245530C900}C:\program files\autoit3\autoit3.exe" = protocol=6 | dir=in | app=c:\program files\autoit3\autoit3.exe |
"TCP Query User{240D411A-8739-47E7-847E-50805D375F21}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{2F7F09B3-1AB1-4D8D-9D03-6949891143B0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{36ACECEC-F244-4E7A-AE74-306D0D12073D}C:\users\***\desktop\ftp\ftp_upload.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\ftp\ftp_upload.exe |
"TCP Query User{38A36891-2158-4AD3-BADD-158A2E890CF6}C:\program files\eclipse_php\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_php\eclipse.exe |
"TCP Query User{39EFAEA7-C332-4F81-AD92-53688F62959C}D:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\mercurymail\mercury.exe |
"TCP Query User{3A69FBC1-2CF4-4AF9-B47C-31B333CEFEF2}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{4A1211A5-29C3-415D-8BD0-4AFED1BE0BE6}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{4D693D86-2987-4A42-BDAF-BAD0EAA38025}C:\program files\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdmwi.exe |
"TCP Query User{4ED92FBF-B353-4952-A133-0BF527A628BB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{5748DA28-609A-4D29-80D4-ECBE5BC3D230}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{58A627D3-F900-48A6-ADAB-62855FE8C463}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5CF2525E-76F0-49A5-BA56-AE2064681B6C}C:\users\***\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe |
"TCP Query User{6EC2FBFC-52D7-423E-B639-68CCBA02CD43}C:\program files\eclipse_php\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_php\eclipse.exe |
"TCP Query User{7016A29D-2452-401C-9A73-CB98AFCB3CDC}C:\users\***\desktop\ftp_upload.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\ftp_upload.exe |
"TCP Query User{750D225A-937F-4FA2-B0D5-1985E7802AD2}C:\program files\eclipse_java\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_java\eclipse.exe |
"TCP Query User{785DD3C1-4B36-4949-992F-EE7A716A6878}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{7BBA5D08-873C-4F1B-99A3-ACA2B84130F2}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"TCP Query User{812A91F4-6036-49AA-9E1C-EC7DEB196518}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{8D7E8862-7354-4A5B-A992-C8C639A58DB3}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{94B7B1B5-5783-4765-8728-522C1B7D01D7}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe |
"TCP Query User{9CE6D2AB-529B-45C4-9580-C958DD0048A9}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{B1A5C141-334B-4432-B0FF-C7E899987D68}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B66648B6-AA96-42D9-9F48-681026300F50}D:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\mercurymail\mercury.exe |
"TCP Query User{B6E74307-20ED-4161-84A8-76B499133470}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{C66E6B2A-BC37-4230-B69A-992D979E9C81}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"TCP Query User{C8FF536F-FD30-4545-BC2F-1124B4A7DE64}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CF10F4BD-1A58-436E-99F0-4972A44226BA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{D50671F9-CDAD-498E-83D8-7E392D7A9925}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{D8CF24C1-2C7E-4A5F-9D8A-A7B37858D034}C:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"TCP Query User{DD7F8C7B-7639-4280-BE0E-484CEC4C6133}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe |
"TCP Query User{DFD5B921-D41B-4A28-A2A5-FAEE7F3A18DF}S:\ftp_upload.exe" = protocol=6 | dir=in | app=s:\ftp_upload.exe |
"TCP Query User{EDDFAD7D-4ED8-4CF6-A337-C41A98F36E6E}D:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\apache.exe |
"TCP Query User{EF6D0B02-3E68-4894-B6A4-AB11F21417E6}C:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe" = protocol=6 | dir=in | app=c:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe |
"TCP Query User{FBC27D9D-0715-4339-8608-3ABFE2C35733}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{FFEA5588-0E35-4091-AA72-D145DBC7C631}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{08F4FA9D-FCB7-4F53-B378-E65DE0967133}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{1313BE65-48DA-442F-A47A-6808D9E1E247}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{2468DAAD-DC98-4754-9515-8654EF29D6D3}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{26E54034-0A57-4380-B55D-7315AF3B1D69}C:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"UDP Query User{2DC9B90B-BC3C-4547-B543-08B78DA175C8}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"UDP Query User{3095CB1E-9456-4B4F-AC8F-69B3A00EB18C}C:\users\***\desktop\ftp\ftp_upload.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ftp\ftp_upload.exe |
"UDP Query User{41297A98-EBC4-4D4B-A910-72C55BEB7861}D:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\apache.exe |
"UDP Query User{42AB49C0-1487-4535-AFF0-93B78818AB10}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{43E90028-493F-46E9-9434-F57B5881719A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{44F2B339-0837-43A6-87C4-C334D7B4E560}D:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=d:\xampp\mercurymail\mercury.exe |
"UDP Query User{4E7A0E5E-F8D8-45D0-A78F-37C1D883259E}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{539745CF-799A-4CE5-92ED-1D2848E985AB}S:\ftp_upload.exe" = protocol=17 | dir=in | app=s:\ftp_upload.exe |
"UDP Query User{55ED0E9B-B8E3-4D99-BD71-7324F7AF4106}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"UDP Query User{58AE65B8-BE52-4B94-98F9-27DFC5EB5C84}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{632A76DF-BAB3-40EB-9F8B-D11FDF75925E}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe |
"UDP Query User{6973628D-06F7-41B3-BEC1-788DC8ABCF37}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{69B0D8B3-AE59-4D42-9373-88228A550CFC}C:\program files\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdmwi.exe |
"UDP Query User{70B31052-81A2-4D97-A1DE-DC5CEB5107D7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{73785514-9172-4413-A1F6-0A97ECF442EA}C:\users\***\desktop\ftp_upload.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ftp_upload.exe
| "UDP Query User{782D8478-788B-4240-BC24-DD56678F5C4C}C:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe" = protocol=17 | dir=in | app=c:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe | "UDP Query User{7BBB0B3C-F346-4878-AFBF-15793E69C9A0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{84F0DA1C-1ED9-4645-9EB1-D11B84F5811C}C:\program files\eclipse_php\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | "UDP Query User{9BF823E1-3DF6-418B-A285-ACF55F7251F7}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{A4113F3C-065A-4038-B3E8-52F8761DB70F}C:\program files\autoit3\autoit3.exe" = protocol=17 | dir=in | app=c:\program files\autoit3\autoit3.exe | "UDP Query User{A82F46E7-061D-49F5-BD51-00E20748E9CC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A994E470-B8EF-4427-AD88-B943AABAD702}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{AACC1587-FC6A-492C-9B79-379A7FD8A2D6}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | "UDP Query User{AD8CB5FD-2803-4B66-9CB7-A04F8E45C194}C:\users\***\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe | "UDP Query User{B3142362-6B49-4D27-979A-341FD9599BE2}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | "UDP Query User{B51EC2D4-E138-422C-B84F-497FC4C20474}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{B5BBF6D2-E581-4FCF-A9D5-C6153490352D}D:\xampp\mercurymail\mercury.exe" 
= protocol=17 | dir=in | app=d:\xampp\mercurymail\mercury.exe | "UDP Query User{B8FC186F-1038-4230-A588-2DAE6DFE3173}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{D5D802F1-24D5-4B85-B1DC-309357259B3B}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | "UDP Query User{DB902A17-BFE0-43EC-91DA-51B769B8F24C}C:\program files\eclipse_php\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | "UDP Query User{E9F6969C-C596-4956-A0B2-61AF1ABA0EB6}C:\program files\eclipse_java\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_java\eclipse.exe | "UDP Query User{F842293A-406A-4FA9-BF52-8D72114DC6B0}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86) "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942 "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = 
BlackBerry Desktop Software 5.0.1 "{217B8A26-B479-4361-8771-57E323D6F991}" = EtikettenAssistent 4.0 "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15 "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War "{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{32A3A4F4-B792-11D6-A78A-00B0D0150210}" = J2SE Development Kit 5.0 Update 21 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{52C97E71-DC72-4BFC-8F27-3DD60228FBAF}" = FTP-Watchdog "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}" = Dir-It! 
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B077B8C-5942-4341-0001-3BCE3C625DB1}" = Webclip zu mp3 Konverter "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus "{7FC5ACB7-6DA1-4774-0001-2A11ECEB8D31}" = i-Studio 4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut "{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3 "{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch 
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1" = PDFTigerDriver "{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86) "{B01CB0F0-63C0-431D-9497-87B9B4131E9D}" = Ski Racing 2006 Demo "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome "{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62 "{DE252510-5687-4C60-A705-C43E19F12C9D}_is1" = PDFTiger Kernel "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU "{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM) "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2981339-823E-4C62-9C6F-6733BAEE9EF5}" = Paragon Festplatten Manager 2009 Kompakt "{F989306B-9287-444F-AE73-E30C7E4AF0F5}" = Battlefield Vietnam: WW2 Mod "7-Zip" = 7-Zip 4.57 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Akamai" = Akamai NetSession Interface 
"ATI Uninstaller" = ATI Uninstaller "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1 "Bullzip PDF Printer_is1" = Bullzip PDF Printer 5.0.0.609 "CCleaner" = CCleaner "Clickster162" = Clickster "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DJ Music Mixer" = DJ Music Mixer "FastStone Capture" = FastStone Capture 5.3 "ffdshow_is1" = ffdshow [rev 2946] [2009-05-15] "FileZilla Client" = FileZilla Client 3.2.4.1 "Flight Simulator 8.0" = Microsoft Flight Simulator 2002 "Free Download Manager_is1" = Free Download Manager 3.0 "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70 "HijackThis" = HijackThis 2.0.2 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "Island Wars_is1" = Island Wars v1.20 "Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK "KraMixer DJ Software_is1" = KraMixer DJ Software 1.0.3.3 "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "LogonStudio" = LogonStudio "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mein Pferdehof_is1" = Mein Pferdehof 1.0 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mikogo" = Mikogo "Mixxx" = Mixxx 1.7.2 "Mozilla ActiveX Control v1.7.7" = Mozilla ActiveX Control v1.7.7 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mp3tag" = Mp3tag v2.45a "Need for Speed High Stakes" = Need for Speed "PDFTiger_is1" = PDFTiger "RollerCoaster Tycoon Setup" = Roll "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Vips_is1" = Vips 1.1 "VLC media player" = VLC media player 1.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe 
"WinGimp-2.0_is1" = GIMP 2.6.8 "xampp" = XAMPP 1.6.8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.07.2009 06:44:48 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Symantec AntiVirus\Rtvscan.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. Juli 2009 12:44:48 Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. Juli 2009 12:44:49 Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Symantec AntiVirus\DefWatch.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. Juli 2009 12:44:49 Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Symantec AntiVirus\Rtvscan.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. 
Juli 2009 12:44:49 Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. Juli 2009 12:44:49 Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Symantec AntiVirus\DefWatch.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. Juli 2009 12:44:49 Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Symantec AntiVirus\Rtvscan.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. Juli 2009 12:44:49 Error - 09.07.2009 06:44:50 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. 
Juli 2009 12:44:50 Error - 09.07.2009 06:44:50 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Symantec AntiVirus\DefWatch.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. Juli 2009 12:44:50 Error - 09.07.2009 06:44:50 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Program Files\Symantec AntiVirus\Rtvscan.exe Ereignisinfo: Informationen festlegen Vorgang Durchgeführte Aktion: Blockiert Angreifender Prozess: C:\Program Files\EA GAMES\Battlefield 2\BF2.exe (PID 5216) Zeit: Donnerstag, 9. Juli 2009 12:44:50 [ System Events ] Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "ACER" aus. Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "ACER" aus. Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "ACER" aus. Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "ACER" aus. Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "C:" aus. 
Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "C:" aus. Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "ACER" aus. Error - 13.04.2010 23:25:58 | Computer Name = DavidsPC | Source = Service Control Manager | ID = 7011 Description = Error - 13.04.2010 23:25:57 | Computer Name = DavidsPC | Source = BTHUSB | ID = 327685 Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das aber nicht empfangen wurde. Error - 14.04.2010 07:47:24 | Computer Name = DavidsPC | Source = BTHUSB | ID = 327685 Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das aber nicht empfangen wurde. [ TuneUp Events ] Error - 12.04.2010 00:18:03 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 06:18:03', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','4836',0) Error - 12.04.2010 09:56:58 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 15:56:58', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','2776',0) Error - 12.04.2010 11:46:40 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 17:46:40', '\device\harddiskvolume2\program 
files\malwarebytes' anti-malware\test123.exe','4316',0) Error - 12.04.2010 11:51:16 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 17:51:16', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','1328',0) Error - 12.04.2010 12:37:28 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 18:37:28', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','4580',0) Error - 12.04.2010 12:37:33 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 18:37:33', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','5656',0) Error - 12.04.2010 12:39:03 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 18:39:03', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','4456',0) Error - 13.04.2010 07:19:11 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-13 13:19:11', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','5608',0) Error - 13.04.2010 14:57:34 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: 
INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-13 20:57:34', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','2360',0) Error - 13.04.2010 23:26:10 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-14 05:26:10', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe','2360',1) < End of report >
Last edited by dredav (14.04.2010 at 16:12) |
14.04.2010, 15:38 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It started with Antimalware Doctor... Yes, please remove all of it!! Afterwards, please do a run with CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
14.04.2010, 16:13 | #5 |
| It started with Antimalware Doctor... OTL.txt Code:
ATTFilter OTL logfile created on: 14.04.2010 16:37:04 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,81 Gb Total Space | 6,71 Gb Free Space | 2,92% Space Free | Partition Type: NTFS Drive D: | 229,11 Gb Total Space | 119,09 Gb Free Space | 51,98% Space Free | Partition Type: NTFS Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 698,63 Gb Total Space | 77,17 Gb Free Space | 11,05% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DAVIDSPC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\test123.exe (Malwarebytes Corporation) PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.) 
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\QIP Infium\infium.exe (QIP) PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - d:\xampp\mysql\bin\mysqld-nt.exe () PRC - D:\xampp\apache\bin\apache.exe (Apache Software Foundation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Weaverslave\weaversl.exe (subjective reality) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (RoxLiveShare9) -- File not found SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3653.dll () SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (B-Service) -- C:\Users\***\AppData\Roaming\Mikogo\B-Service.exe () SRV - (mysql) -- d:\xampp\mysql\bin\mysqld-nt.exe () SRV - (Apache2.2) -- D:\xampp\apache\bin\apache.exe (Apache Software Foundation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100408.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100408.002\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\vboxnetadp.sys (Sun Microsystems, Inc.) DRV - (VBoxUSB) -- C:\Windows\System32\drivers\vboxusb.sys (Sun Microsystems, Inc.) 
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (dsltestSp5) -- C:\Windows\System32\drivers\dsltestsp5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation) DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation) DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation) DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) 
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\e1g60i32.sys (Intel Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (RTLWUSB) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.) 
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = h**p://de.rd.yahoo.com/customize/ycomp/defaults/sp/*h**p://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = h**p://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "h**p://www.google.de/search?hl=de&btnG=Suche&meta=&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "h**p://www.christus-portal.net/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.2 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.3 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8 FF - prefs.js..keyword.URL: "h**p://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 00:28:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 00:28:04 | 000,000,000 | ---D | M] [2009.11.23 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2009.11.23 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2010.04.13 16:49:23 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions [2010.03.17 06:25:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2009.09.03 18:37:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.26 19:14:45 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2010.02.22 20:09:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.01.19 06:39:32 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010.03.31 05:27:33 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.02.19 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.03.29 19:10:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\twitternotifier@naan.net [2010.04.11 21:03:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.09.24 20:55:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} [2008.06.18 15:11:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2010.03.14 20:22:17 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml 
[2010.03.14 20:22:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 20:22:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 20:22:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 20:22:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\test123.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\test123.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RegistryMonitor1] C:\Windows\System32\qtplugin.exe ()
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://maxdomeaccount.1und1.de/presentation/script/HWTest.CAB (HWTest.HWTestControl)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} h**p://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} h**p://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (bnis.mxo) - C:\Windows\System32\bnis.mxo ()
O20 - HKLM Winlogon: Shell - (yfklng) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\***\AppData\Roaming\sdra64.exe) - C:\Users\***\AppData\Roaming\sdra64.exe ()
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 18:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{44462aac-3261-11dd-be1d-001c253200eb}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{896f6dc2-2250-11dd-8142-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{896f6dc2-2250-11dd-8142-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{bc3d89bc-6556-11dd-b14d-001c253200eb}\Shell - "" = AutoRun
O33 - MountPoints2\{bc3d89bc-6556-11dd-b14d-001c253200eb}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.13 15:57:05 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\lowsec
[2010.04.13 13:18:11 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.04.12 18:15:12 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.12 18:15:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.11 22:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.04.11 22:52:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.11 22:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.11 22:52:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.11 22:52:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.11 22:32:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010.04.10 10:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010.04.06 20:16:18 | 000,147,456 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdfc.dll
[2010.04.06 20:16:15 | 000,187,392 | ---- | C] (BullZip) -- C:\Windows\System32\bzpdf.dll
[2010.04.06 20:16:11 | 000,000,000 | ---D | C] -- C:\Programme\Bullzip
[2010.04.06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\HERMA
[2010.04.06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\HERMA
[2010.04.06 19:56:09 | 000,000,000 | ---D | C] -- C:\Programme\HERMA
[2010.04.06 19:56:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HERMA
[2010.04.06 19:53:18 | 000,000,000 | ---D | C] -- C:\HERMA
[2010.04.05 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TikGames
[2010.03.22 13:35:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\monopoly
[2010.03.17 14:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DivX Movies
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.14 16:42:49 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68DF07D3-E9A3-4CD2-BB5C-FD15BB6BA5B3}.job
[2010.04.14 16:42:43 | 003,932,160 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.04.14 16:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.14 15:47:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.14 15:47:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.14 13:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.14 06:10:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ca5ac8caf1400.job [2010.04.13 20:24:25 | 001,427,404 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.13 20:24:25 | 000,621,704 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.13 20:24:25 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.13 20:24:25 | 000,123,654 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.13 20:24:25 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.13 13:18:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.04.13 06:06:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.13 06:05:34 | 3489,128,448 | -HS- | M] () -- C:\hiberfil.sys [2010.04.13 05:40:52 | 000,481,280 | ---- | M] () -- C:\Windows\System32\qtplugin.exe [2010.04.12 21:59:50 | 000,019,968 | ---- | M] () -- C:\Windows\System32\bnis.mxo [2010.04.12 21:39:07 | 002,467,747 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.04.12 21:29:18 | 000,008,192 | ---- | M] (ATI Technologies Inc.) 
-- C:\Windows\System32\drivers\AtiPcie.sys [2010.04.12 19:57:29 | 000,244,736 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.12 19:06:38 | 310,854,656 | ---- | M] () -- C:\Users\***\Desktop\backup.pst [2010.04.12 17:58:37 | 000,781,909 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe [2010.04.12 06:38:44 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.04.12 06:38:42 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.12 06:38:42 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.11 23:11:30 | 000,000,945 | ---- | M] () -- C:\Users\***\Desktop\test123 - Verknüpfung.lnk [2010.04.11 23:08:44 | 002,279,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.11 22:39:22 | 000,001,181 | ---- | M] () -- C:\ProgramData\_VOIDmfeklnmal.dll [2010.04.11 22:37:21 | 000,363,520 | ---- | M] () -- C:\Users\***\Desktop\rkill.com [2010.04.11 22:37:21 | 000,363,520 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com [2010.04.11 17:55:33 | 000,001,498 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2010.04.10 20:46:25 | 000,089,176 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.10 10:05:07 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk [2010.04.10 07:34:48 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin [2010.04.10 00:06:00 | 000,558,846 | ---- | M] () -- C:\Users\***\Desktop\IMG00271.jpg [2010.04.10 00:05:51 | 000,053,364 | ---- | M] () -- C:\Users\***\Desktop\IMG00269.jpg [2010.04.10 00:03:11 | 000,000,256 | ---- | M] () -- C:\Users\***\Documents\pool.bin [2010.04.09 23:33:42 | 004,357,332 | ---- | M] () -- C:\Users\***\Documents\LoaderBackup-(2010-04-09).ipd [2010.04.09 23:09:43 | 004,357,133 | ---- | M] () -- 
C:\Users\***\Documents\AutoBackup-(2010-04-09).ipd [2010.04.09 22:58:32 | 000,000,292 | ---- | M] () -- C:\Windows\win.ini [2010.04.07 15:11:29 | 000,190,464 | ---- | M] () -- C:\Users\***\Desktop\Bericht.doc [2010.04.06 22:42:55 | 000,008,785 | ---- | M] () -- C:\Users\***\Desktop\ZeitRechner.jar [2010.04.06 22:29:29 | 000,000,127 | ---- | M] () -- C:\Users\***\AppData\Roaming\Rest_Rechner.dat [2010.04.06 20:09:09 | 000,020,480 | ---- | M] () -- C:\Users\***\Documents\Alberts Hauslikör.doc [2010.04.06 20:09:09 | 000,000,300 | ---- | M] () -- C:\Users\***\Documents\Alberts Hauslikör.hea [2010.04.06 20:09:09 | 000,000,162 | -H-- | M] () -- C:\Users\***\Documents\~$berts Hauslikör.doc [2010.04.06 10:06:41 | 004,948,829 | ---- | M] () -- C:\Users\***\Desktop\Right Round.mp3 [2010.04.06 10:01:51 | 000,000,463 | ---- | M] () -- C:\Users\***\Desktop\Spielfilme.lnk [2010.04.06 10:01:37 | 000,000,447 | ---- | M] () -- C:\Users\***\Desktop\Serien.lnk [2010.04.03 10:57:16 | 000,138,384 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.04.03 10:56:53 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.04.02 20:54:23 | 000,012,582 | ---- | M] () -- C:\Users\***\Desktop\Rechnung_4951368774631300138423.pdf [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.29 19:46:00 | 001,113,692 | ---- | M] () -- C:\Users\***\Documents\englisch_zeiten.jpg [2010.03.29 19:46:00 | 000,128,673 | ---- | M] () -- C:\Users\***\Documents\johanna_passbild.jpg [2010.03.18 07:56:27 | 005,260,393 | ---- | M] () -- C:\Users\***\Desktop\Whatcha say.mp3 [2010.03.16 21:51:16 | 000,000,256 | ---- | M] () -- C:\Users\***\AppData\Roaming\Rest_Rechner_V1_2.ini [2010.03.16 21:51:06 | 000,018,672 | ---- | M] () -- C:\Users\***\Desktop\Rest_Rechner_V1.2.jar [2010.03.16 21:49:31 | 
000,056,320 | ---- | M] () -- C:\Users\***\Documents\Kriegsverlauf.doc [2010.03.15 22:25:59 | 005,034,065 | ---- | M] () -- C:\Users\***\Documents\AutoBackup-(2010-03-15).ipd [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.13 05:41:21 | 000,481,280 | ---- | C] () -- C:\Windows\System32\qtplugin.exe [2010.04.12 22:00:22 | 000,019,968 | ---- | C] () -- C:\Windows\System32\bnis.mxo [2010.04.12 18:58:37 | 310,854,656 | ---- | C] () -- C:\Users\***\Desktop\backup.pst [2010.04.12 17:57:43 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe [2010.04.12 17:45:05 | 3489,128,448 | -HS- | C] () -- C:\hiberfil.sys [2010.04.12 05:45:08 | 000,363,520 | ---- | C] () -- C:\Users\***\Desktop\rkill.com [2010.04.11 23:11:30 | 000,000,945 | ---- | C] () -- C:\Users\***\Desktop\test123 - Verknüpfung.lnk [2010.04.11 23:10:09 | 000,363,520 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com [2010.04.11 22:39:22 | 000,001,181 | ---- | C] () -- C:\ProgramData\_VOIDmfeklnmal.dll [2010.04.11 17:55:33 | 000,001,498 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.04.10 10:05:07 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk [2010.04.10 00:03:11 | 000,000,256 | ---- | C] () -- C:\Users\***\Documents\pool.bin [2010.04.09 23:33:42 | 004,357,332 | ---- | C] () -- C:\Users\***\Documents\LoaderBackup-(2010-04-09).ipd [2010.04.09 23:31:08 | 000,053,364 | ---- | C] () -- C:\Users\***\Desktop\IMG00269.jpg [2010.04.09 23:28:08 | 000,558,846 | ---- | C] () -- C:\Users\***\Desktop\IMG00271.jpg [2010.04.09 23:09:42 | 004,357,133 | ---- | C] () -- C:\Users\***\Documents\AutoBackup-(2010-04-09).ipd [2010.04.07 15:11:29 | 000,190,464 | ---- | C] () -- C:\Users\***\Desktop\Bericht.doc [2010.04.06 22:42:54 | 000,008,785 | ---- | C] () -- C:\Users\***\Desktop\ZeitRechner.jar [2010.04.06 22:29:29 | 000,000,127 | ---- | C] () -- 
C:\Users\***\AppData\Roaming\Rest_Rechner.dat [2010.04.06 20:09:09 | 000,020,480 | ---- | C] () -- C:\Users\***\Documents\Alberts Hauslikör.doc [2010.04.06 20:09:09 | 000,000,162 | -H-- | C] () -- C:\Users\***\Documents\~$berts Hauslikör.doc [2010.04.06 20:09:08 | 000,000,300 | ---- | C] () -- C:\Users\***\Documents\Alberts Hauslikör.hea [2010.04.06 10:01:12 | 000,000,463 | ---- | C] () -- C:\Users\***\Desktop\Spielfilme.lnk [2010.04.06 10:01:12 | 000,000,447 | ---- | C] () -- C:\Users\***\Desktop\Serien.lnk [2010.04.05 00:37:17 | 004,948,829 | ---- | C] () -- C:\Users\***\Desktop\Right Round.mp3 [2010.04.02 20:54:23 | 000,012,582 | ---- | C] () -- C:\Users\***\Desktop\Rechnung_4951368774631300138423.pdf [2010.03.29 19:46:00 | 001,113,692 | ---- | C] () -- C:\Users\***\Documents\englisch_zeiten.jpg [2010.03.29 19:46:00 | 000,128,673 | ---- | C] () -- C:\Users\***\Documents\johanna_passbild.jpg [2010.03.16 21:51:16 | 000,000,256 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rest_Rechner_V1_2.ini [2010.03.16 21:51:06 | 000,018,672 | ---- | C] () -- C:\Users\***\Desktop\Rest_Rechner_V1.2.jar [2010.03.16 21:06:51 | 000,056,320 | ---- | C] () -- C:\Users\***\Documents\Kriegsverlauf.doc [2010.03.16 07:29:14 | 005,260,393 | ---- | C] () -- C:\Users\***\Desktop\Whatcha say.mp3 [2010.03.15 22:25:59 | 005,034,065 | ---- | C] () -- C:\Users\***\Documents\AutoBackup-(2010-03-15).ipd [2010.02.21 20:29:36 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2010.02.19 09:41:02 | 000,207,360 | R--- | C] () -- C:\Users\***\AppData\Roaming\sdra64.exe [2010.02.19 09:40:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.16 15:13:55 | 000,102,462 | ---- | C] () -- C:\Windows\System32\DspFx.dll [2010.01.28 17:50:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.01.24 00:10:29 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2010.01.24 00:10:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll 
[2010.01.24 00:10:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.12.14 22:57:25 | 000,000,701 | ---- | C] () -- C:\Users\***\AppData\Roaming\init.dll [2009.12.14 22:57:18 | 000,000,701 | ---- | C] () -- C:\Users\***\AppData\Roaming\sound.dll [2009.12.13 22:41:20 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.12.13 08:17:28 | 000,000,534 | ---- | C] () -- C:\Users\***\AppData\Roaming\flashplayer.html [2009.12.11 07:34:59 | 000,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.12.11 07:34:40 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL [2009.11.21 08:43:35 | 000,000,311 | ---- | C] () -- C:\Users\***\.authorrc1 [2009.11.21 08:41:01 | 000,000,097 | ---- | C] () -- C:\Users\***\EditLiveForJava.ini [2009.09.29 21:32:40 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2009.09.24 20:40:34 | 000,000,112 | ---- | C] () -- C:\Users\***\.asadminpass [2009.09.24 20:40:25 | 000,000,773 | ---- | C] () -- C:\Users\***\.asadmintruststore [2009.08.31 14:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2009.07.09 18:59:41 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.06.27 11:20:42 | 000,000,753 | ---- | C] () -- C:\Users\***\SciTE.session [2009.06.27 11:00:22 | 000,031,076 | ---- | C] () -- C:\Users\***\abbrev.properties [2008.11.11 22:56:34 | 000,018,944 | ---- | C] () -- C:\Windows\System32\wk32.dll [2008.11.11 22:56:34 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ic32.dll [2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- 
C:\Windows\System32\DivXWMPExtType.dll [2008.09.15 17:28:34 | 003,035,136 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata [2008.08.31 20:25:49 | 014,417,509 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.08.08 16:28:51 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.07.12 16:08:35 | 000,000,613 | -H-- | C] () -- C:\Users\***\AppData\Roaming\vispa.ini [2008.07.08 18:13:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.07.01 15:49:51 | 000,004,038 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.06.17 17:52:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.06.02 16:10:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll [2008.06.01 22:06:57 | 000,010,456 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008.05.31 14:23:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.05.31 14:18:27 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat [2008.05.31 14:18:04 | 000,244,736 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.31 13:55:56 | 000,008,160 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.05.31 13:55:55 | 003,932,160 | -HS- | C] () -- C:\Users\***\NTUSER.DAT [2008.05.31 13:55:55 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.05.31 13:55:55 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008.05.31 13:55:55 | 000,262,144 | -H-- | C] () -- C:\Users\***\ntuser.dat.LOG1 [2008.05.31 13:55:55 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2008.05.31 13:55:55 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini [2008.05.31 13:55:55 | 000,000,000 | -H-- | C] () -- C:\Users\***\ntuser.dat.LOG2 [2007.07.23 
10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini [2007.05.07 09:22:38 | 000,000,123 | ---- | C] () -- C:\Windows\Alaunch.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.02.23 18:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll [2006.02.23 17:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll [2006.02.23 17:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll [2006.02.23 17:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll [2006.02.23 17:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll [2006.02.23 17:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll [2006.02.23 17:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll [2006.02.23 17:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll 
[2006.02.23 17:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll [2006.02.23 17:34:26 | 001,108,480 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2006.02.23 17:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll [2006.02.23 17:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll < End of report > |
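The OTL file listing above was flattened by the forum into a few very long lines, which makes it hard to review by eye. The following is an added example, not code from the thread, from OTL or from the helper, that parses entries of that shape and lists recent creations in Windows system directories; the meaning of the attribute flags (R/H/S/D) is assumed from OTL's conventions, and the EXAMPLE_SUSPECT.dll entry in the sample is constructed, not from the log.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file entry as it appears in the posted log (layout assumed from OTL's
# conventions): [YYYY.MM.DD HH:MM:SS | size | attrs | C] (company) -- path
# attrs = four flags R/H/S/D (read-only, hidden, system, directory), '-' if unset.
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- "
    r"(?P<path>.+?)(?: < End of report >.*)?\s*$")

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    hidden: bool
    system: bool
    company: str
    path: str

def parse_otl(text: str) -> list:
    """Parse an OTL file section, even one the forum flattened onto a single line."""
    out = []
    for chunk in re.split(r"(?=\[\d{4}\.\d{2}\.\d{2} \d{2}:)", text):
        m = ENTRY.match(chunk.strip())
        if not m:
            continue  # leading fragment, '< End of report >', table residue
        a = m["attrs"]
        out.append(OtlEntry(datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                            int(m["size"].replace(",", "")), a[1] == "H",
                            a[2] == "S", m["company"].strip(), m["path"]))
    return out

def triage(entries, since_ymd: str) -> list:
    """First-pass list: entries created on/after since_ymd (YYYY.MM.DD) in Windows
    system dirs with an empty company field; it narrows review, it does not convict."""
    since = datetime.strptime(since_ymd, "%Y.%m.%d")
    return [e for e in entries if e.timestamp >= since and not e.company
            and e.path.lower().startswith(("c:\\windows\\", "c:\\programdata\\"))]

# Constructed sample: two entries copied from the thread plus one made-up entry
# (placeholder name) dated the evening the infection was reported.
SAMPLE = (
    "[2008.08.08 16:28:51 | 000,717,296 | ---- | C] () -- C:\\Windows\\System32\\drivers\\sptd.sys "
    "[2008.07.12 16:08:35 | 000,000,613 | -H-- | C] () -- C:\\Users\\***\\AppData\\Roaming\\vispa.ini "
    "[2010.04.11 23:02:10 | 000,061,440 | -HS- | C] () -- C:\\Windows\\System32\\EXAMPLE_SUSPECT.dll "
    "< End of report > |")
```

Running `triage(parse_otl(SAMPLE), "2010.04.11")` returns only the constructed entry; the two 2008 files from the log fall outside the window.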
14.04.2010, 21:41 | #6 |
It started with Antimalware Doctor...
Quote:
I ran ComboFix and then quickly went downstairs; when I got back, my PC had just restarted. There is no file to be found at C:\ComboFix.txt. In My Computer, C:\ only shows one file called Combofix, which is not a txt file. When I click it, I am back in My Computer... what am I doing wrong?

One could also do the following in cmd: copy c:\combofix c:\combofix.txt, but I don't know whether that's the right thing.
Last edited by dredav (14.04.2010 at 21:56)
15.04.2010, 09:43 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It started with Antimalware Doctor... Try the run with CF again. Then we'll see.
__________________ Please always post logfiles in CODE tags
