Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Mehrere Trojaner gefunden! DWX.exe

Mehrere Trojaner gefunden! DWX.exe


Log-Analyse und Auswertung: Mehrere Trojaner gefunden! DWX.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.04.2010, 23:44   #1
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Moin, Moin.

Beim Versuch vorhin einen guten Championsleague-Stream reinzubekommen, habe ich mir wohl einen oder mehrere Trojaner eingefangen. Es kamen nämlcih auf einmal 3 Pop-Ups von Anti-Vir, dass ein Trojaner entdeckt wurde. Ich habe denen dann gleich den Zugang verweigert und sie löschen lassen von AntiVir.

Ich habe dann nochmal mit AntVir gesucht und er hat nix gefunden. Malewarebytes dann aber doch...hier mal die Log´s. Hoffe ihr könnt mir helfen, ob das System wieder sauber ist.


Malewarebytes:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4014

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

20.04.2010 23:15:52
mbam-log-2010-04-20 (23-15-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 113218
Laufzeit: 2 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Timo\downloads\Everest Poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Users\Timo\AppData\Local\Temp\Dwx.exe (Trojan.FakeAlert) -> Delete on reboot.
Danach habe ich den Computer neugestartet.

Dann CCleaner laufen lassen.

Dann nochmal Malewarebytes laufen lassen und er hat nix gefunden.

Alt 20.04.2010, 23:49   #2
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


irgendwie kann ich die anderen Log´s (OTL, HijackThis) nicht posten:

Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838

??
__________________
Alt 20.04.2010, 23:52   #3
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


HijackThis:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:43, on 20.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1516239984-558275943-2870718706-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9fb628c26ddf0) (gupdate1c9fb628c26ddf0) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9152 bytes
__________________
Alt 20.04.2010, 23:53   #4
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Die OTL.txt kann ich hier nich posten^^ Deswegen im Anhang. Danke schonmal für die Hilfe!


OTL Extras:

Code:
ATTFilter
OTL Extras logfile created on: 20.04.2010 23:40:00 - Run 2
OTL by OldTimer - Version 3.2.1.3     Folder = C:\Users\Timo\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 137,41 Gb Free Space | 23,05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TIMO-PC
Current User Name: Timo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = E9 3D 90 44 6B 27 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A154544-2264-40B2-B458-DDF32EA408E2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x64\rpcsandrasrv.exe | 
"{A16D1E39-8221-4F9E-AF93-44580FB5CB5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AD2003DE-06F4-45A5-AA3E-E93F798C0B78}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0730B435-DCCF-4003-A219-F59DCC164A5D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{0FE0B353-F022-4CB6-A7E6-060DE70C7E85}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | 
"{13AFAC5B-3A42-4EE2-A21E-780E23C9B30C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2AD3FFDF-9F50-47F5-9CCB-03E912BADC04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{2F432248-718D-480B-A781-EFC2E6C892C0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{336EA712-52A2-4A42-AB9D-F90A1AE7B6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{37E8B3ED-7247-4C55-8CF3-2CE2EFE67808}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3CE59FEF-37F3-4754-A0F2-60582D96BAD9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3EB2E8D7-F336-4A4E-823D-1B990725D388}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | 
"{4CAF2D24-ADDF-4A43-87CB-8EF6EE9B6333}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{5451349E-D0D8-4A6B-9C1B-5A6E0E737045}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{5A503D96-308E-4D72-B98C-2C40CDD40527}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{5E8A6735-8433-4801-A167-80A9C50FA684}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe | 
"{5F89C405-1C51-4648-8AA5-1EF3D6C7716A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{60BE014D-5A32-4A5B-8B22-7FE3CE0FD7CC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{79BAF0B4-4CD8-4484-9820-8DD98DC176CA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{7A57FEC9-8A01-4B1F-9E16-24DDEF7FE42A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{7AA447F5-311A-475B-8884-CA6CA8B47634}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{93433FDA-1699-4373-B970-44469D09EABD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{93847DE9-12CB-476D-92D8-096D1C6B54BC}" = protocol=6 | dir=in | app=c:\users\timo\desktop\ogameautomizer_for_ogame0.85\ogameautomizer.exe | 
"{A1D723C9-A89D-4883-B1F1-C9313E3FFDCE}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe | 
"{A9436731-440B-4481-83A8-86C2D02990C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AD27772B-9940-4309-BD6C-E850F1DE8AC8}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{B7955AE9-98A5-428A-91CB-6C0FB36D39D6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{B797D53B-DF65-47A8-BBEE-0557F0E60DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{BED022EA-88F5-4CD5-8333-63027002616D}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe | 
"{C18D9F46-E881-4A15-927B-61AB69A58E57}" = protocol=17 | dir=in | app=c:\users\timo\desktop\ogameautomizer_for_ogame0.85\ogameautomizer.exe | 
"{C3B6B4C6-CD26-454A-8FC3-414AD4659058}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe | 
"{C5858FAA-8538-4847-9495-087D925F3519}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D369D315-6963-4B51-998D-4007261347A2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{D7CE56F8-C1EB-4ADD-8F4E-ECB41053AAF1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{D7D91061-DBF9-40EB-AA7C-3267191B14A4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{E3A0A0F9-E7FB-437D-A31A-A4646242B0B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E476E957-594C-4A85-8D15-2EAC23492CC6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{E5D6618E-1ED3-4BCD-9AF1-6FEE38664664}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F0B3E82C-B954-472D-9B7D-99B3F14A12F8}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe | 
"TCP Query User{026496CD-4041-4303-97B6-AFB434C48555}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{09285670-DB8D-4BAA-BB9B-453456EF1D3A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{0C4959ED-26A6-45CD-BC70-FF8DB0528F1D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{0D176B62-0AE2-44AA-8C84-B8222288E570}C:\program files (x86)\cyanide\radsportmanager pro 2005-2006\cym2005.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\radsportmanager pro 2005-2006\cym2005.exe | 
"TCP Query User{396D98E3-B17F-4236-BBB1-376499BA4DB3}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{552DDC08-C183-42D0-BBC1-A47D9FD5CE5D}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{6874F8B2-AC1D-4E5A-B2C4-5FCCF50A4DA6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{68B2D42F-1E01-44F3-B4E7-4C81E36FE3F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{69B22000-1112-4320-B714-20F177266AB4}C:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe | 
"TCP Query User{963F90DC-972A-4384-AFE2-FB9F130C2B91}C:\program files (x86)\steam\steamapps\mookzz\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\day of defeat source\hl2.exe | 
"TCP Query User{B08FFBDA-A08A-41D7-AF12-35804E3DE1C8}C:\program files (x86)\steam\steamapps\mookzz\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\counter-strike source\hl2.exe | 
"TCP Query User{BB002751-D8DE-4B79-B1B2-D6ED5F0228C9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{C68ED575-47D1-4AEE-B777-2DC70143829B}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{E26BBAD5-3088-4BBD-B5A2-3732BAA94A97}C:\program files (x86)\steam\steamapps\mookzz\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{FE32E3CA-D32E-4E34-B3F8-19DF5329B544}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{0C438CCE-3E3A-479E-8F14-8D6F76A75837}C:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe | 
"UDP Query User{0C63C618-2720-4B6C-AC44-E6E7E15383FC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{0F3DE6D8-B1EE-4087-92B2-B9262E9E1190}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{1333F818-370E-438D-9409-6DB1602F8F2D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{2017B18F-B412-4C3F-9947-D1A7DD854A5E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{26C33C24-9703-4B37-A325-71D57208445B}C:\program files (x86)\steam\steamapps\mookzz\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{2F4919C5-36C0-473D-9B7F-B959F221938C}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{3A444DD3-748E-4CC6-A8F1-8569318F887D}C:\program files (x86)\steam\steamapps\mookzz\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\counter-strike source\hl2.exe | 
"UDP Query User{486A6E35-A806-458C-BA14-A69CC1C20CAE}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{51745A01-3D05-4BB6-85E9-422C56EEE955}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{63130A6D-5B45-4555-9CDF-5F9389E58807}C:\program files (x86)\cyanide\radsportmanager pro 2005-2006\cym2005.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\radsportmanager pro 2005-2006\cym2005.exe | 
"UDP Query User{78A57794-8964-4662-81C1-BC16A205977A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{A5543CD3-F1D8-43EB-9F32-540E96C1955B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D0086A5B-B0EC-47FE-944C-E2CC58F596F2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{DEEF0FFC-9357-4BC2-AE9E-F546AB5F0325}C:\program files (x86)\steam\steamapps\mookzz\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mookzz\day of defeat source\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA90C29-43CE-DA57-ADB1-66896590754B}" = ATI Catalyst Install Manager
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFA48C6E-A32B-4FC6-8170-4212DDCF7284}" = Microsoft LifeChat
"{FBBF8FCB-046D-7688-FB4A-53DD34BB7648}" = ccc-utility64
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{15B8C1EF-CA1B-1050-FDF6-92BFF1AB7C42}" = Catalyst Control Center Graphics Previews Common
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 16
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{567C9882-843D-4188-A181-00E2CC3E1031}" = LG Burning Tools
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A7248FE-53C6-6838-C092-6E5AE0C01169}" = Catalyst Control Center Graphics Previews Vista
"{5CDE2F17-B82C-F25A-EE97-A0F84B1B5B96}" = Catalyst Control Center HydraVision Full
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83C06969-09DE-5DEE-EC30-254168715100}" = Catalyst Control Center Graphics Full Existing
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{852BD922-520E-209D-0AEC-2A8886693B36}" = Catalyst Control Center Core Implementation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A39CAD8-D852-E57C-C9EC-66B24A81EC8B}" = CCC Help English
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F5E3B9E-ABBD-4B35-BB68-626CB9BE98D6}" = MySQL Server 5.1
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9749B943-7D5D-09E3-16EE-6F8BEC7A474F}" = Skins
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A1F9909D-B829-41E4-EDDA-6CD5A69AB706}" = Catalyst Control Center Graphics Light
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49C7C20-F82D-0185-47B4-8A8A38AEBD3E}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2AE1185-18AA-9DE2-6E09-29A91D5A8F17}" = Catalyst Control Center Graphics Full New
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"bwin Poker_is1" = bwin Poker
"Canon MP190 series Benutzerregistrierung" = Canon MP190 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by TouchStone Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Download Manager_is1" = Free Download Manager 3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"GameCenter" = GameCenter
"HijackThis" = HijackThis 2.0.2
"Inkscape" = Inkscape 0.46
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"mv61xxDriver" = marvell 61xx
"Nvu_is1" = Nvu 1.0
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Pro Cycling Manager" = Radsportmanager Pro 2005-2006
"Pro Cycling Manager 2" = Radsport Manager Pro 2006
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"SpeedSim" = SpeedSim
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Windows Live Toolbar" = Windows Live Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.09.2009 23:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20
Description = 
 
Error - 22.09.2009 09:31:10 | Computer Name = Timo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.09.2009 10:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20
Description = 
 
Error - 22.09.2009 11:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20
Description = 
 
Error - 22.09.2009 17:18:29 | Computer Name = Timo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.09.2009 18:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20
Description = 
 
Error - 22.09.2009 18:17:34 | Computer Name = Timo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4445c334,
 fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel 
0x47e2d72b, Ausnahmecode 0xc0000005, Fehleroffset 0x02d2553e,  Prozess-ID 0xec4, Anwendungsstartzeit
 01ca3bd1c202593e.
 
Error - 22.09.2009 19:14:56 | Computer Name = Timo-PC | Source = Google Update | ID = 20
Description = 
 
Error - 22.09.2009 20:41:48 | Computer Name = Timo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.09.2009 21:10:37 | Computer Name = Timo-PC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 19.04.2010 12:04:21 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
Error - 20.04.2010 04:05:04 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
Error - 20.04.2010 04:05:04 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
Error - 20.04.2010 09:57:43 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
Error - 20.04.2010 09:57:43 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
Error - 20.04.2010 12:07:54 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
Error - 20.04.2010 12:07:54 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
Error - 20.04.2010 15:36:23 | Computer Name = Timo-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.04.2010 17:20:29 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
Error - 20.04.2010 17:20:29 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description = 
 
 
< End of report >
Geändert von mookz (20.04.2010 um 23:59 Uhr)

Alt 22.04.2010, 10:42   #5
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


up

kann bitte einer helfen?


Alt 22.04.2010, 18:55   #6
Sion
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Wenn man mehrmals in den eigenen Thread postet, wird man leicht übersehen.

Alle Progs mit Rechtsklick "Als Administrator ausführen" starten.

1. Hol dir Sophos Anti-Rootkit.
Hier ist die Anleitung dazu.
Log posten.

Macht der Rechner noch Probleme?

Alt 22.04.2010, 23:31   #7
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


ich musste ja mehrmals posten, da es nicht mehr reingepasst hat.


hier nochmal malewarebytes full-scan von heute:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4018

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

22.04.2010 11:52:19
mbam-log-2010-04-22 (11-52-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 346588
Laufzeit: 1 Stunde(n), 9 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Timo\AppData\Local\Temp\Dww.exe (TrojanCodecPack) -> No action taken.
Sophos lasse ich gerade laufen. mfg

Alt 23.04.2010, 19:12   #8
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Sophos hat nix gefunden. wie kann man denn sehen, ob das system wieder sauber ist? oder soll ich lieber vista neu draufspielen?

Alt 23.04.2010, 19:31   #9
Sion
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Na, mit den Logs. Und die Logs sind eigentlich soweit sauber. Sophos war nur zur Absicherung. Macht der Rechner noch Probleme?

Alle Progs mit Rechtsklick "Als Administrator ausführen" starten.

1. Starte OTL.
Kopiere unten in das Skript-Feld rein:

Zitat:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found


:Commands
[emptytemp]
Klicke auf Run Fix.
Neustart zulassen, wenn gefragt.
Poste das Fix Log. Zu finden unter c:\_OTL

2. http://www.trojaner-board.de/51871-a...tispyware.html
Log posten.

Alt 24.04.2010, 14:08   #10
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Erstmal danke für deine Hilfe...

Also der PC macht eigentlich keine Probleme. Will nur sicher gehen, dass alles runter ist, wegen eBay, Onlinebanking usw.

OTL fix Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:MrvGINA.dll deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: Timo
->Temp folder emptied: 10697502 bytes
->Temporary Internet Files folder emptied: 44184134 bytes
->Java cache emptied: 27178788 bytes
->FireFox cache emptied: 97347398 bytes
->Flash cache emptied: 6859 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5000 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5952489125 bytes
 
Total Files Cleaned = 5.848,00 mb
 
 
OTL by OldTimer - Version 3.2.1.3 log created on 04242010_115720

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\7303.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\AFD5.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


SUPER-Anti-Spyware:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/24/2010 at 02:36 PM

Application Version : 4.35.1002

Core Rules Database Version : 4846
Trace Rules Database Version: 2658

Scan type       : Complete Scan
Total Scan Time : 02:26:40

Memory items scanned      : 536
Memory threats detected   : 0
Registry items scanned    : 6147
Registry threats detected : 0
File items scanned        : 249091
File threats detected     : 3

Adware.Tracking Cookie
	C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@adbrite[3].txt
	C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@atwola[1].txt
	C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@ar.atwola[1].txt

Alt 25.04.2010, 14:31   #11
Sion
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Dann können wir aufräumen:

1. Starte OTL.
Klicke auf CleanUp.
OTL entfernt sich daraufhin selbst.

2. http://www.trojaner-board.de/51464-a...-ccleaner.html

3. Hol dir Secunia PSI und bringe damit deinen PC auf den neuesten Stand.

Fertig

Alt 25.04.2010, 22:37   #12
mookz
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Alles klar. Habe alle 3 Punkte gemacht.

Du bist dir jetzt sicher, dass das System wieder sauber ist? Du benötigst keine Log´s mehr?

Wenn ja, dann danke ich dir vielmals für deine Hilfe!

Netten Abend noch.

Alt 26.04.2010, 12:40   #13
Sion
 
Mehrere Trojaner gefunden! DWX.exe - Standard

Mehrere Trojaner gefunden! DWX.exe


Tja, die Logs sehen sauber aus... Wenn du absolute Sicherheit haben willst, ist Neuaufsetzen angesagt.

Antwort

Themen zu Mehrere Trojaner gefunden! DWX.exe
anti-malware, antvir, appdata, auf einmal, ccleaner, code, computer, dateien, entdeck, explorer, gesucht, guten, handle, local\temp, löschen, malwarebytes, malwarebytes' anti-malware, mehrere trojaner, microsoft, pop-ups, pup.casino, rojaner gefunden, service, software, system, temp, trojan.agent, trojan.fakealert, trojaner, trojaner gefunden, version, zugang


« Internet Explorer öffnet sich von selbst | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels »


Ähnliche Themen: Mehrere Trojaner gefunden! DWX.exe


  1. Windows 7: Mehrere Trojaner gefunden
    Log-Analyse und Auswertung - 27.01.2015 (5)
  2. Mehrere Trojaner von Avira gefunden
    Log-Analyse und Auswertung - 10.04.2013 (7)
  3. Mehrere Trojaner gefunden was nun? + wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 29.01.2013 (2)
  4. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  5. Mehrere Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (12)
  6. Mehrere Trojaner gefunden von AntiVir
    Log-Analyse und Auswertung - 12.03.2012 (9)
  7. mehrere Trojaner gefunden durch Malwarebytes Antimalware
    Log-Analyse und Auswertung - 28.02.2012 (44)
  8. Mehrere Trojaner gefunden
    Log-Analyse und Auswertung - 29.12.2010 (14)
  9. Malewarebytes hat mehrere Trojaner gefunden
    Log-Analyse und Auswertung - 19.12.2010 (16)
  10. Mehrere Trojaner +koobface gefunden
    Plagegeister aller Art und deren Bekämpfung - 18.11.2010 (38)
  11. Malewarebytes hat mehrere Trojaner und HKeys gefunden
    Plagegeister aller Art und deren Bekämpfung - 26.10.2010 (10)
  12. Firewall deaktiviert. Mehrere Trojaner gefunden.
    Log-Analyse und Auswertung - 11.05.2010 (2)
  13. Urheberrecht-Verletzung - mehrere Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.04.2010 (26)
  14. Mehrere Trojaner gefunden
    Log-Analyse und Auswertung - 07.04.2010 (18)
  15. Mehrere Trojaner gefunden - Auswertung von hijackthis-log
    Log-Analyse und Auswertung - 22.02.2010 (11)
  16. Mehrere Trojaner bzw Viren gefunden ( u.a. TR/Downloader.Gen)
    Log-Analyse und Auswertung - 29.10.2008 (1)
  17. Mehrere Trojaner gefunden
    Log-Analyse und Auswertung - 14.01.2008 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Mehrere Trojaner gefunden! DWX.exe - Moin, Moin. Beim Versuch vorhin einen guten Championsleague-Stream reinzubekommen, habe ich mir wohl einen oder mehrere Trojaner eingefangen. Es kamen nämlcih auf einmal 3 Pop-Ups von Anti-Vir, dass ein Trojaner - Mehrere Trojaner gefunden! DWX.exe...
Archiv
Du betrachtest: Mehrere Trojaner gefunden! DWX.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131