Log Analysis and Evaluation: Multiple trojans found! DWX.exe

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.04.2010, 23:44 | #1
Multiple trojans found! DWX.exe

Hello. Earlier, while trying to get a decent Champions League stream working, I apparently picked up one or more trojans. Suddenly three AntiVir pop-ups appeared saying a trojan had been detected. I immediately denied them access and had AntiVir delete them. I then scanned again with AntiVir and it found nothing. Malwarebytes did, though... here are the logs. I hope you can help me find out whether the system is clean again.

Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4014

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

20.04.2010 23:15:52
mbam-log-2010-04-20 (23-15-52).txt

Scan type: Quick scan
Objects scanned: 113218
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Timo\downloads\Everest Poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Users\Timo\AppData\Local\Temp\Dwx.exe (Trojan.FakeAlert) -> Delete on reboot.

Then I ran CCleaner. Then I ran Malwarebytes again and it found nothing.
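The Malwarebytes detections in the post above form one FakeAlert persistence chain: a Run value under HKCU with a generated name (yvibbbha8c), a data key with the same generated name (Software\YVIBBBHA8C), and an executable in the user's Temp folder (Dwx.exe) that Malwarebytes could only schedule for deletion at the next restart. The script below is an added example, not part of the original thread and not Malwarebytes code; it parses detection lines in the format MBAM 1.x writes them, ties Run values to same-named keys, and reports "reboot required" rather than "clean" while a "Delete on reboot" item is outstanding. The embedded sample log is constructed from the detections quoted in the post; the name heuristic (8 to 12 alphanumerics mixing letters and digits) is an assumption made here, not an MBAM rule.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the detection lines quoted in post #1, in the
# format Malwarebytes' Anti-Malware 1.x writes them (headings translated).
SAMPLE_MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Timo\downloads\Everest Poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Users\Timo\AppData\Local\Temp\Dwx.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# One MBAM detection line: "<object> (<classification>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Assumed heuristic for generator-style names (YVIBBBHA8C, QZAIB7KITK):
# 8-12 alphanumerics containing both letters and digits. Not an MBAM rule.
RANDOM_NAME_RE = re.compile(r"(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{8,12}")

RUN_KEY_MARK = "\\CURRENTVERSION\\RUN\\"
TEMP_MARKS = ("\\APPDATA\\LOCAL\\TEMP\\", "\\WINDOWS\\TEMP\\")


@dataclass(frozen=True)
class Detection:
    obj: str      # registry path or file path, as MBAM prints it
    family: str   # MBAM classification, e.g. Trojan.FakeAlert
    action: str   # what MBAM did, e.g. "Delete on reboot"

    @property
    def is_registry(self) -> bool:
        return self.obj.upper().startswith("HKEY_")

    @property
    def leaf(self) -> str:
        """Last path component: the value name, key name or file name."""
        return self.obj.rsplit("\\", 1)[-1]


def parse_mbam_detections(text: str) -> list[Detection]:
    """Return every detection line; headings, counts and blank lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["obj"], m["family"], m["action"]))
    return found


def looks_random(name: str) -> bool:
    return RANDOM_NAME_RE.fullmatch(name) is not None


def is_run_value(d: Detection) -> bool:
    return d.is_registry and RUN_KEY_MARK in d.obj.upper()


def in_temp_dir(d: Detection) -> bool:
    return not d.is_registry and any(mark in d.obj.upper() for mark in TEMP_MARKS)


def triage(detections: list[Detection]) -> dict:
    run_values = [d for d in detections if is_run_value(d)]
    random_keys = [d for d in detections
                   if d.is_registry and not is_run_value(d) and looks_random(d.leaf)]
    temp_files = [d for d in detections if in_temp_dir(d)]
    pending = [d for d in detections if d.action.lower().startswith("delete on reboot")]

    # A Run value and a data key that share one generated name (case-insensitive)
    # were written by the same dropper; report them as one persistence chain.
    linked = [(rv.leaf, key.obj) for rv in run_values for key in random_keys
              if rv.leaf.lower() == key.leaf.lower()]

    return {
        "run_values": [d.obj for d in run_values],
        "random_keys": [d.obj for d in random_keys],
        "temp_executables": [d.obj for d in temp_files],
        "pending_reboot": [d.obj for d in pending],
        "linked": linked,
        # "Delete on reboot" means the file is still on disk until the next
        # restart, so a clean rescan before rebooting proves nothing.
        "reboot_required": bool(pending),
    }


if __name__ == "__main__":
    report = triage(parse_mbam_detections(SAMPLE_MBAM_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

To run it against a real scan, read the saved mbam-log-*.txt file into `parse_mbam_detections` instead of `SAMPLE_MBAM_LOG`; the parser only looks at lines of the form "object (classification) -> action", so the surrounding summary block does not need to be stripped.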
20.04.2010, 23:49 | #2
Somehow I can't post the other logs (OTL, HijackThis):

Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838

??
20.04.2010, 23:52 | #3
HijackThis:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:43, on 20.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1516239984-558275943-2870718706-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9fb628c26ddf0) (gupdate1c9fb628c26ddf0) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9152 bytes
20.04.2010, 23:53 | #4
I can't post the OTL.txt here ^^ so it's attached. Thanks in advance for the help!

OTL Extras:

Code:
OTL Extras logfile created on: 20.04.2010 23:40:00 - Run 2
OTL by OldTimer - Version 3.2.1.3     Folder = C:\Users\Timo\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 137,41 Gb Free Space | 23,05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIMO-PC
Current User Name: Timo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = E9 3D 90 44 6B 27 CA 01  [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A154544-2264-40B2-B458-DDF32EA408E2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x64\rpcsandrasrv.exe |
"{A16D1E39-8221-4F9E-AF93-44580FB5CB5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD2003DE-06F4-45A5-AA3E-E93F798C0B78}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0730B435-DCCF-4003-A219-F59DCC164A5D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{0FE0B353-F022-4CB6-A7E6-060DE70C7E85}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{13AFAC5B-3A42-4EE2-A21E-780E23C9B30C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2AD3FFDF-9F50-47F5-9CCB-03E912BADC04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{2F432248-718D-480B-A781-EFC2E6C892C0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{336EA712-52A2-4A42-AB9D-F90A1AE7B6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{37E8B3ED-7247-4C55-8CF3-2CE2EFE67808}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3CE59FEF-37F3-4754-A0F2-60582D96BAD9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3EB2E8D7-F336-4A4E-823D-1B990725D388}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{4CAF2D24-ADDF-4A43-87CB-8EF6EE9B6333}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{5451349E-D0D8-4A6B-9C1B-5A6E0E737045}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{5A503D96-308E-4D72-B98C-2C40CDD40527}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{5E8A6735-8433-4801-A167-80A9C50FA684}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{5F89C405-1C51-4648-8AA5-1EF3D6C7716A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{60BE014D-5A32-4A5B-8B22-7FE3CE0FD7CC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{79BAF0B4-4CD8-4484-9820-8DD98DC176CA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{7A57FEC9-8A01-4B1F-9E16-24DDEF7FE42A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{7AA447F5-311A-475B-8884-CA6CA8B47634}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{93433FDA-1699-4373-B970-44469D09EABD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{93847DE9-12CB-476D-92D8-096D1C6B54BC}" = protocol=6 | dir=in | app=c:\users\timo\desktop\ogameautomizer_for_ogame0.85\ogameautomizer.exe |
"{A1D723C9-A89D-4883-B1F1-C9313E3FFDCE}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{A9436731-440B-4481-83A8-86C2D02990C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD27772B-9940-4309-BD6C-E850F1DE8AC8}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{B7955AE9-98A5-428A-91CB-6C0FB36D39D6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{B797D53B-DF65-47A8-BBEE-0557F0E60DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{BED022EA-88F5-4CD5-8333-63027002616D}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{C18D9F46-E881-4A15-927B-61AB69A58E57}" = protocol=17 | dir=in | app=c:\users\timo\desktop\ogameautomizer_for_ogame0.85\ogameautomizer.exe |
"{C3B6B4C6-CD26-454A-8FC3-414AD4659058}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{C5858FAA-8538-4847-9495-087D925F3519}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D369D315-6963-4B51-998D-4007261347A2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{D7CE56F8-C1EB-4ADD-8F4E-ECB41053AAF1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{D7D91061-DBF9-40EB-AA7C-3267191B14A4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{E3A0A0F9-E7FB-437D-A31A-A4646242B0B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E476E957-594C-4A85-8D15-2EAC23492CC6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{E5D6618E-1ED3-4BCD-9AF1-6FEE38664664}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F0B3E82C-B954-472D-9B7D-99B3F14A12F8}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"TCP Query User{026496CD-4041-4303-97B6-AFB434C48555}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{09285670-DB8D-4BAA-BB9B-453456EF1D3A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{0C4959ED-26A6-45CD-BC70-FF8DB0528F1D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{0D176B62-0AE2-44AA-8C84-B8222288E570}C:\program files (x86)\cyanide\radsportmanager pro 2005-2006\cym2005.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\radsportmanager pro 2005-2006\cym2005.exe |
"TCP Query User{396D98E3-B17F-4236-BBB1-376499BA4DB3}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{552DDC08-C183-42D0-BBC1-A47D9FD5CE5D}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{6874F8B2-AC1D-4E5A-B2C4-5FCCF50A4DA6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{68B2D42F-1E01-44F3-B4E7-4C81E36FE3F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{69B22000-1112-4320-B714-20F177266AB4}C:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe |
"TCP Query User{963F90DC-972A-4384-AFE2-FB9F130C2B91}C:\program files (x86)\steam\steamapps\mookzz\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\day of defeat source\hl2.exe |
"TCP Query User{B08FFBDA-A08A-41D7-AF12-35804E3DE1C8}C:\program files (x86)\steam\steamapps\mookzz\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\counter-strike source\hl2.exe |
"TCP Query User{BB002751-D8DE-4B79-B1B2-D6ED5F0228C9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{C68ED575-47D1-4AEE-B777-2DC70143829B}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{E26BBAD5-3088-4BBD-B5A2-3732BAA94A97}C:\program files (x86)\steam\steamapps\mookzz\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\half-life 2 deathmatch\hl2.exe |
"TCP Query User{FE32E3CA-D32E-4E34-B3F8-19DF5329B544}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{0C438CCE-3E3A-479E-8F14-8D6F76A75837}C:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe |
"UDP Query User{0C63C618-2720-4B6C-AC44-E6E7E15383FC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{0F3DE6D8-B1EE-4087-92B2-B9262E9E1190}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{1333F818-370E-438D-9409-6DB1602F8F2D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{2017B18F-B412-4C3F-9947-D1A7DD854A5E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{26C33C24-9703-4B37-A325-71D57208445B}C:\program files (x86)\steam\steamapps\mookzz\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\half-life 2 deathmatch\hl2.exe |
"UDP Query User{2F4919C5-36C0-473D-9B7F-B959F221938C}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{3A444DD3-748E-4CC6-A8F1-8569318F887D}C:\program files (x86)\steam\steamapps\mookzz\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\counter-strike source\hl2.exe |
"UDP Query User{486A6E35-A806-458C-BA14-A69CC1C20CAE}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{51745A01-3D05-4BB6-85E9-422C56EEE955}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{63130A6D-5B45-4555-9CDF-5F9389E58807}C:\program files (x86)\cyanide\radsportmanager pro 2005-2006\cym2005.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\radsportmanager pro 2005-2006\cym2005.exe |
"UDP Query User{78A57794-8964-4662-81C1-BC16A205977A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{A5543CD3-F1D8-43EB-9F32-540E96C1955B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D0086A5B-B0EC-47FE-944C-E2CC58F596F2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{DEEF0FFC-9357-4BC2-AE9E-F546AB5F0325}C:\program files (x86)\steam\steamapps\mookzz\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\day of defeat source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA90C29-43CE-DA57-ADB1-66896590754B}" = ATI Catalyst Install Manager
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFA48C6E-A32B-4FC6-8170-4212DDCF7284}" = Microsoft LifeChat
"{FBBF8FCB-046D-7688-FB4A-53DD34BB7648}" = ccc-utility64
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{15B8C1EF-CA1B-1050-FDF6-92BFF1AB7C42}" = Catalyst Control Center Graphics Previews Common
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 16
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{567C9882-843D-4188-A181-00E2CC3E1031}" = LG Burning Tools
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A7248FE-53C6-6838-C092-6E5AE0C01169}" = Catalyst Control Center Graphics Previews Vista
"{5CDE2F17-B82C-F25A-EE97-A0F84B1B5B96}" = Catalyst Control Center HydraVision Full
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83C06969-09DE-5DEE-EC30-254168715100}" = Catalyst Control Center Graphics Full Existing
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{852BD922-520E-209D-0AEC-2A8886693B36}" = Catalyst Control Center Core Implementation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A39CAD8-D852-E57C-C9EC-66B24A81EC8B}" = CCC Help English
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F5E3B9E-ABBD-4B35-BB68-626CB9BE98D6}" = MySQL Server 5.1
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9749B943-7D5D-09E3-16EE-6F8BEC7A474F}" = Skins
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A1F9909D-B829-41E4-EDDA-6CD5A69AB706}" = Catalyst Control Center Graphics Light
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49C7C20-F82D-0185-47B4-8A8A38AEBD3E}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2AE1185-18AA-9DE2-6E09-29A91D5A8F17}" = Catalyst Control Center Graphics Full New
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead "{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2 "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "bwin Poker_is1" = bwin Poker "Canon MP190 series Benutzerregistrierung" = Canon MP190 series Benutzerregistrierung "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "DriverAgent.exe" = DriverAgent by TouchStone Software "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Download Manager_is1" = Free Download Manager 3.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08 "GameCenter" = GameCenter "HijackThis" = HijackThis 2.0.2 "Inkscape" = Inkscape 0.46 "InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "mIRC" = mIRC "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MP Navigator EX 1.2" = Canon MP Navigator EX 1.2 "mv61xxDriver" = marvell 61xx "Nvu_is1" = Nvu 1.0 "PokerStars" = PokerStars "PostgreSQL 8.4" = PostgreSQL 8.4 "Pro Cycling Manager" = Radsportmanager Pro 2005-2006 
"Pro Cycling Manager 2" = Radsport Manager Pro 2006 "SopCast" = SopCast 3.0.3 "SpeedFan" = SpeedFan (remove only) "SpeedSim" = SpeedSim "Steam App 240" = Counter-Strike: Source "Steam App 300" = Day of Defeat: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 340" = Half-Life 2: Lost Coast "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.8a "Windows Live Toolbar" = Windows Live Toolbar "WinGimp-2.0_is1" = GIMP 2.6.7 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Yahoo! BrowserPlus" = Yahoo! BrowserPlus ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.09.2009 23:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20 Description = Error - 22.09.2009 09:31:10 | Computer Name = Timo-PC | Source = WinMgmt | ID = 10 Description = Error - 22.09.2009 10:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20 Description = Error - 22.09.2009 11:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20 Description = Error - 22.09.2009 17:18:29 | Computer Name = Timo-PC | Source = WinMgmt | ID = 10 Description = Error - 22.09.2009 18:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20 Description = Error - 22.09.2009 18:17:34 | Computer Name = Timo-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4445c334, fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x47e2d72b, Ausnahmecode 0xc0000005, Fehleroffset 0x02d2553e, Prozess-ID 0xec4, Anwendungsstartzeit 01ca3bd1c202593e. 
Error - 22.09.2009 19:14:56 | Computer Name = Timo-PC | Source = Google Update | ID = 20 Description = Error - 22.09.2009 20:41:48 | Computer Name = Timo-PC | Source = WinMgmt | ID = 10 Description = Error - 22.09.2009 21:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20 Description = [ System Events ] Error - 19.04.2010 12:04:21 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 20.04.2010 04:05:04 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 20.04.2010 04:05:04 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 20.04.2010 09:57:43 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 20.04.2010 09:57:43 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 20.04.2010 12:07:54 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 20.04.2010 12:07:54 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 20.04.2010 15:36:23 | Computer Name = Timo-PC | Source = DCOM | ID = 10010 Description = Error - 20.04.2010 17:20:29 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 20.04.2010 17:20:29 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = < End of report > Geändert von mookz (20.04.2010 um 23:59 Uhr) |
22.04.2010, 10:42 | #5 |
| Bump. Can someone please help? |
22.04.2010, 18:55 | #6 |
| If you post several times in your own thread, you are easily overlooked. Start all programs via right-click "Run as administrator". 1. Get Sophos Anti-Rootkit. Here are the instructions for it. Post the log. Is the machine still causing problems? |
22.04.2010, 23:31 | #7 |
| I had to post several times because it did not fit anymore. Here is today's Malwarebytes full scan again: Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4018
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

22.04.2010 11:52:19
mbam-log-2010-04-22 (11-52-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 346588
Laufzeit: 1 Stunde(n), 9 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Timo\AppData\Local\Temp\Dww.exe (TrojanCodecPack) -> No action taken. |
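The full scan above ends with a file under the user's Temp directory marked "No action taken", which means Malwarebytes detected it but did not quarantine it; before a machine is declared clean, a responder wants that distinction, plus any autostart persistence and any executables dropped into Temp, pulled out of the log mechanically rather than by eye. The following is an added example, not code from this thread or from Malwarebytes: a small Python parser for the MBAM 1.x text log layout shown in the thread, run over a constructed sample log whose value names and paths are invented.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs (added example).

This is not code from the thread or from Malwarebytes. It parses the German
localised log layout seen in this thread: an "Infizierte ...:" section header
followed by one finding per line of the form
    <registry key | value | path> (<detection name>) -> <action>.
and flags what a responder wants to see before declaring a machine clean:
  * findings whose action is not a removal ("No action taken"),
  * autostart persistence (values under a CurrentVersion\\Run key),
  * executables dropped under a Temp directory.
The sample log at the bottom is constructed for this example; its value
names and paths are invented.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^(Infizierte [^:]+):\s*$")   # header line, no count after colon
FINDING_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
TEMP_EXE_RE = re.compile(
    r"\\(Temp|Temporary Internet Files)\\[^\\]+\.(exe|dll|scr|com)$", re.IGNORECASE)
# Actions MBAM 1.x reports when the item is actually gone (or will be at reboot).
REMOVED_ACTIONS = ("Quarantined and deleted successfully", "Delete on reboot")


@dataclass
class Finding:
    section: str      # MBAM section the line came from, e.g. "Infizierte Dateien"
    item: str         # registry key/value or file path
    detection: str    # MBAM detection name, e.g. "Trojan.FakeAlert"
    action: str       # what MBAM did with it

    @property
    def removed(self) -> bool:
        return self.action.startswith(REMOVED_ACTIONS)

    @property
    def is_autostart(self) -> bool:
        return RUN_KEY_RE.search(self.item) is not None

    @property
    def is_temp_executable(self) -> bool:
        return TEMP_EXE_RE.search(self.item) is not None


def parse_mbam_log(text: str) -> list[Finding]:
    """Return every finding line in the log, tagged with its section."""
    findings: list[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Summary counts come before the first header; placeholder lines such as
        # "(Keine bösartigen Objekte gefunden)" start with a parenthesis.
        if section is None or not line or line.startswith("("):
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(section, **m.groupdict()))
    return findings


def triage(findings: list[Finding]) -> dict[str, list[str]]:
    """Group the findings a responder must act on or explain."""
    return {
        "not_removed": [f.item for f in findings if not f.removed],
        "autostart": [f.item for f in findings if f.is_autostart],
        "temp_executables": [f.item for f in findings if f.is_temp_executable],
    }


# Constructed sample in the MBAM 1.45 layout; names and paths are invented.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4018
Windows 6.0.6002 Service Pack 2

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 346588

Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateien: 3

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\q7x3kz1a (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\demo\AppData\Local\Temp\Dxx.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\demo\AppData\Local\Temp\Dyy.exe (TrojanCodecPack) -> No action taken.
C:\Users\demo\downloads\Casino Setup.exe (PUP.Casino) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{bucket}:")
        for item in items:
            print(f"  {item}")
```

Run it against a real log by reading the file into `parse_mbam_log` instead of `SAMPLE_LOG`. Anything in `not_removed` is still on disk and needs a re-scan with removal selected; anything in `autostart` is the persistence mechanism and is worth checking again after the reboot, because an entry scheduled as "Delete on reboot" can be recreated by a process that is still running.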
23.04.2010, 19:12 | #8 |
| Sophos found nothing. How can you tell whether the system is clean again? Or should I rather reinstall Vista? |
23.04.2010, 19:31 | #9 | |
| Well, with the logs. And the logs are essentially clean so far. Sophos was just for reassurance. Is the machine still causing problems? Start all programs via right-click "Run as administrator". 1. Start OTL. Copy the following into the script field: Quote:
Allow the reboot when asked. Post the fix log. It can be found under c:\_OTL 2. http://www.trojaner-board.de/51871-a...tispyware.html Post the log. |
24.04.2010, 14:08 | #10 |
| First of all, thanks for your help... The PC is not really causing any problems. I just want to make sure that everything is gone, because of eBay, online banking etc. OTL fix log: Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:MrvGINA.dll deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

User: Timo
->Temp folder emptied: 10697502 bytes
->Temporary Internet Files folder emptied: 44184134 bytes
->Java cache emptied: 27178788 bytes
->FireFox cache emptied: 97347398 bytes
->Flash cache emptied: 6859 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5000 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5952489125 bytes

Total Files Cleaned = 5.848,00 mb

OTL by OldTimer - Version 3.2.1.3 log created on 04242010_115720

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\7303.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\AFD5.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

SUPER-Anti-Spyware: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/24/2010 at 02:36 PM

Application Version : 4.35.1002

Core Rules Database Version : 4846
Trace Rules Database Version: 2658

Scan type : Complete Scan
Total Scan Time : 02:26:40

Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 6147
Registry threats detected : 0
File items scanned : 249091
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@adbrite[3].txt
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@atwola[1].txt
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@ar.atwola[1].txt |
25.04.2010, 14:31 | #11 |
| Then we can clean up: 1. Start OTL. Click CleanUp. OTL then removes itself. 2. http://www.trojaner-board.de/51464-a...-ccleaner.html 3. Get Secunia PSI and use it to bring your PC up to date. Done |
25.04.2010, 22:37 | #12 |
| All right. I have done all 3 points. Are you now sure that the system is clean again? You do not need any more logs? If so, many thanks for your help! Have a nice evening. |
26.04.2010, 12:40 | #13 |
| Well, the logs look clean... If you want absolute certainty, a clean reinstall is the way to go. |