Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: mehrere div. Trojaner auf´m PC

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.04.2010, 15:29   #1
micha_patzi
 
mehrere div. Trojaner auf´m PC - Standard

mehrere div. Trojaner auf´m PC



Hallo,
und zwar habe ich folgendes problem.

Ich war im Internet, da hat AntiVir mit einmal angeschlagen und angezeigt, dass ein Trojaner gefunden wurde! Diesen habe ich erstmal in die Quarantäne verschoben, da kam auch schon die nächste Meldung!
Wiederum habe ich den Trojaner in die Quarantäne verschoben.
Daraufhin habe ich mein PC scannen lassen, dabei wurden insgesamt 8 Trojaner gefunden! Hier die Namen der Trojaner:

TR/BHO.afti (2x MAL)
TR/BHO.315392
TR/ATRAPS.Gen (2x MAL)
TR/Crypt.XPACK.Gen
TR/Dropper.Gen (2x MAL)


Ich habe zwar ein bissen Ahnung vom PC, jedoch überhaupt gar keine, was dieses Thema angeht!
Deshalb hoffe ich, dass mir hier einer helfen kann^^

Im Internet habe ich gelesen, dass man ComboFix anwenden soll.
Das habe ich getan, die LOG-Datei füge ich mit ein!



SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-421319290-3364149163-1093676711-500
c:\users\Dexter\AppData\Roaming\sdra64.exe

.
((((((((((((((((((((((( Dateien erstellt von 2010-03-28 bis 2010-04-29 ))))))))))))))))))))))))))))))
.

2010-04-28 19:25 . 2010-04-28 19:25 730624 ----a-w- c:\users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3\newupdate1142C.exe
2010-04-28 19:25 . 2010-04-28 19:25 -------- d-----w- c:\users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3
2010-04-28 19:25 . 2010-04-29 16:03 -------- d-sh--w- c:\users\Dexter\AppData\Roaming\lowsec
2010-04-25 14:32 . 2010-04-25 21:29 714106904 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ }\Manager_10_Update_4.exe
2010-04-22 19:35 . 2010-04-22 19:35 -------- d-----w- c:\program files\Veetle
2010-04-15 13:35 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 13:35 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 13:35 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 13:35 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 13:35 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 13:35 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 13:33 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 13:33 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 13:33 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 17:11 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 17:11 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-06 13:32 . 2010-04-13 19:04 -------- d-----w- c:\program files\Metin2

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 16:32 . 2006-11-02 15:33 664044 ----a-w- c:\windows\system32\perfh007.dat
2010-04-29 16:32 . 2006-11-02 15:33 142222 ----a-w- c:\windows\system32\perfc007.dat
2010-04-16 15:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 11:57 . 2007-10-11 22:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-12 17:24 . 2010-03-28 11:25 -------- d-----w- c:\users\Dexter\AppData\Roaming\OfferBox
2010-03-28 11:27 . 2010-03-28 11:27 -------- d-----w- c:\users\Dexter\AppData\Roaming\freeTVRadio
2010-03-28 11:26 . 2010-03-28 11:26 -------- d-----w- c:\program files\OfferBoxSearch
2010-03-28 11:26 . 2010-03-28 11:26 -------- d-----w- c:\program files\freeTVRadio
2010-03-28 07:58 . 2010-03-28 07:31 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2010-03-28 07:58 . 2010-03-28 07:31 -------- d-----w- c:\users\Dexter\AppData\Roaming\PPLive
2010-03-28 07:53 . 2010-03-28 07:31 -------- d-----w- c:\programdata\PPLive
2010-03-28 07:36 . 2010-03-28 07:31 -------- d-----w- c:\programdata\Jlcm
2010-03-28 07:31 . 2010-03-28 07:31 -------- d-----w- c:\program files\PPLive
2010-03-26 13:50 . 2010-03-05 20:37 443912 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-09 16:28 . 2010-03-31 15:54 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 15:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-06 13:34 . 2010-03-06 13:34 -------- d-----w- c:\program files\Basement Softworks
2010-03-06 13:15 . 2010-03-06 13:15 118784 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-02-28 13:32 . 2007-11-19 17:48 84872 ----a-w- c:\users\Dexter\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\Dexter\AppData\Roaming\Mozilla\Firefox\Profiles\a2mwn945.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 08:16 . 2009-10-02 20:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-03-14 19:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-14 19:32 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-14 19:32 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-20 18:11 . 2010-02-20 18:11 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-20 18:01 . 2009-12-12 11:34 439816 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-12 10:48 . 2010-03-06 13:18 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-01 14:22 . 2010-02-01 14:22 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4236.tmp.exe
2002-12-11 22:14 . 2002-12-11 22:14 13312 ----a-w- c:\program files\msdmo.dll
2007-11-28 19:28 . 2007-12-26 11:57 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:28 . 2007-12-26 11:57 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:28 . 2007-12-26 11:57 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:28 . 2007-12-26 11:57 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:28 . 2007-12-26 11:57 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-25 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"HostManager"="c:\program files\Common Files\AOL\1195497218\ee\AOLSoftware.exe" [2006-09-26 50736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-14 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\users\Dexter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-14 721904]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2007-12-14 108768]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-04-16 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 12:17]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:49]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:49]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dexter\AppData\Roaming\Mozilla\Firefox\Profiles\a2mwn945.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "hxxp://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "hxxp://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "hxxp://sb.google.com/safebrowsing/report?");
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-29 19:20
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,0f,a7,09,76,24,b4,27,97,2a,ee,d5,31,72,1f,24,66,c9,5b,0c,1a,f0,fe,
88,71,4a,91,3b,7b,79,24,52,72,79,1d,51,37,2d,77,be,1a,90,24,76,fa,ca,34,76,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-3354819013-3743471208-2844627115-1000\Software\SecuROM\License information*]
"datasecu"=hex:56,a9,93,47,27,9a,6c,68,07,e8,47,8a,03,d0,c9,87,0d,40,07,23,b2,
fb,46,bc,be,83,8a,64,b6,43,4f,ad,d1,6f,8c,06,22,72,f9,ea,9e,5e,e5,82,09,60,\
"rkeysecu"=hex:a8,9b,1b,43,c5,81,f3,5d,d3,81,b6,09,2d,99,3b,56

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-04-29 19:22:43
ComboFix-quarantined-files.txt 2010-04-29 17:22

Vor Suchlauf: 22 Verzeichnis(se), 42.438.647.808 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 43.631.890.432 Bytes frei

- - End Of File - - 4C885AE3A18A7E9BF5716A130F038952










Ich hoffe, ich habe alles nötige/brauchbare mit eingefügt!
Falls etwas fehlen sollte, bitte ich um Benachrichtigung, fehlende Information füge ich dann umgehend hinzu!!!

Danke im Voraus, micha_patzi

Alt 30.04.2010, 18:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mehrere div. Trojaner auf´m PC - Standard

mehrere div. Trojaner auf´m PC



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 01.05.2010, 14:50   #3
micha_patzi
 
mehrere div. Trojaner auf´m PC - Standard

mehrere div. Trojaner auf´m PC



So, ganz zum Anfang wollte ich mich erstmal recht herzlich bedanken für die schnelle Antwort und gleichzeitige Hilfe...
Ich finde es echt top, wenn sich Leute extra die Zeit nehmen, um anderen zu helfen!!!

Nun zum Thema^^
Vollscan mit Malwarebytes habe ich durchgeführt und Systemscan mit OTL ebenfalls.

Hier der LOG von Malwarebytes:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4056

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

01.05.2010 15:32:18
mbam-log-2010-05-01 (15-32-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 431820
Laufzeit: 2 Stunde(n), 11 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Qoobox\Quarantine\C\Users\Dexter\AppData\Roaming\sdra64.exe.vir (Trojan.Downloader) -> No action taken.
C:\Users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3\newupdate1142C.exe (Malware.Packer.Gen) -> No action taken.
__________________

Alt 01.05.2010, 14:51   #4
micha_patzi
 
mehrere div. Trojaner auf´m PC - Standard

mehrere div. Trojaner auf´m PC



Hier die Extras-Datei von OTL:



OTL logfile created on: 01.05.2010 15:41:10 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Dexter\Desktop\troja dateien
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 39,38 Gb Free Space | 18,20% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,12 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEXTER-PC
Current User Name: Dexter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Dexter\Desktop\troja dateien\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1195497218\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Dexter\Desktop\troja dateien\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Symantec Core LC) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.10.14 20:57:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008.10.14 20:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.19 15:01:16 | 000,000,000 | ---D | M]

[2010.04.28 21:18:52 | 000,000,000 | ---D | M] -- C:\Users\Dexter\AppData\Roaming\mozilla\Firefox\Profiles\a2mwn945.default\extensions
[2010.04.11 14:12:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dexter\AppData\Roaming\mozilla\Firefox\Profiles\a2mwn945.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.02.13 13:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dexter\AppData\Roaming\mozilla\Firefox\Profiles\a2mwn945.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.11 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\Dexter\AppData\Roaming\mozilla\Firefox\Profiles\a2mwn945.default\extensions\firefox@tvunetworks.com
[2010.04.11 14:22:52 | 000,000,950 | ---- | M] () -- C:\Users\Dexter\AppData\Roaming\Mozilla\FireFox\Profiles\a2mwn945.default\searchplugins\icqplugin.xml
[2010.01.19 15:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007.12.26 13:57:55 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2007.11.28 21:28:02 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007.11.28 21:28:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007.11.28 21:28:02 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007.11.28 21:28:02 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007.11.28 21:28:02 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006.08.24 23:07:50 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2006.08.24 23:07:50 | 000,001,063 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2006.11.10 13:42:00 | 000,000,998 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.11.11 00:32:03 | 000,000,815 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1195497218\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Dexter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dexter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dexter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.10.05 22:42:59 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2009.10.05 22:42:59 | 004,731,224 | R--- | M] (Electronic Arts Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.10.05 22:42:59 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e7d331d6-96c4-11dc-98b6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e7d331d6-96c4-11dc-98b6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009.10.05 22:42:59 | 004,731,224 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.01 11:48:35 | 000,000,000 | ---D | C] -- C:\Users\Dexter\AppData\Roaming\Malwarebytes
[2010.05.01 11:48:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.01 11:48:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.01 11:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.01 11:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.01 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\troja dateien
[2010.04.29 19:22:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.04.29 19:22:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.04.29 19:22:44 | 000,000,000 | ---D | C] -- C:\Users\Dexter\AppData\Local\temp
[2010.04.29 18:27:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.29 18:27:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.29 18:27:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.29 18:27:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.29 18:24:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.04.29 18:20:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.29 18:20:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.28 21:25:39 | 000,000,000 | ---D | C] -- C:\Users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3
[2010.04.28 21:25:36 | 000,000,000 | -HSD | C] -- C:\Users\Dexter\AppData\Roaming\lowsec
[2010.04.28 17:15:42 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Documents\FUSSBALL MANAGER 10 ONLINE
[2010.04.27 18:26:01 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\Neuer Ordner
[2010.04.26 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\Desktop_BilderRahmen
[2010.04.22 21:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010.04.16 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\metin musik
[2010.04.16 13:53:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.04.15 15:35:54 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 15:35:54 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 15:35:48 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 15:35:13 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.14 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\liebling
[2010.04.06 15:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Metin2
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.01 15:40:34 | 005,242,880 | -HS- | M] () -- C:\Users\Dexter\NTUSER.DAT
[2010.05.01 15:40:19 | 001,541,530 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.01 15:40:19 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.01 15:40:19 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.01 15:40:19 | 000,142,222 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.01 15:40:19 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.01 15:35:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.01 15:35:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.01 15:35:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.01 15:35:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.01 15:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.01 15:34:29 | 000,524,288 | -HS- | M] () -- C:\Users\Dexter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.01 15:34:29 | 000,065,536 | -HS- | M] () -- C:\Users\Dexter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.01 15:34:22 | 002,571,769 | -H-- | M] () -- C:\Users\Dexter\AppData\Local\IconCache.db
[2010.05.01 15:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.30 23:19:19 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.04.29 19:20:51 | 000,000,248 | ---- | M] () -- C:\Windows\system.ini
[2010.04.29 18:27:16 | 000,323,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.29 18:16:50 | 003,923,816 | R--- | M] () -- C:\Users\Dexter\Desktop\ComboFix.exe
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 17:49:45 | 000,034,884 | ---- | M] () -- C:\Users\Dexter\Desktop\TUEV_2009_email-Beratung.jpg
[2010.04.27 18:43:19 | 000,130,171 | ---- | M] () -- C:\Users\Dexter\Documents\Uninstall.exe
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010.04.06 15:33:55 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Metin2.lnk
[2010.04.05 12:55:38 | 207,065,191 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.29 18:27:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.29 18:27:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.29 18:27:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.29 18:27:43 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.29 18:27:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.29 18:16:46 | 003,923,816 | R--- | C] () -- C:\Users\Dexter\Desktop\ComboFix.exe
[2010.04.28 20:38:56 | 000,013,654 | ---- | C] () -- C:\Users\Dexter\hs_err_pid3580.log
[2010.04.28 17:49:44 | 000,034,884 | ---- | C] () -- C:\Users\Dexter\Desktop\TUEV_2009_email-Beratung.jpg
[2010.04.26 16:28:22 | 000,130,171 | ---- | C] () -- C:\Users\Dexter\Documents\Uninstall.exe
[2010.04.06 15:33:55 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Metin2.lnk
[2010.04.05 12:55:17 | 207,065,191 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.02.04 21:51:32 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.16 19:10:58 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.25 18:27:39 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.04 18:58:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.04 18:58:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.17 23:15:05 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.01.04 18:53:13 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.01.04 18:51:36 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.01.04 18:51:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.12.21 17:15:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2007.12.21 17:15:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.12.16 21:19:08 | 000,000,020 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.11.19 21:37:36 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007.10.12 00:19:21 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004.09.05 08:59:50 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.09.05 08:58:04 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.03.11 12:56:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\ThriXXX010205PNG.dll
[2003.03.11 12:56:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\ThriXXX010104Z.dll
[2003.03.11 12:56:24 | 000,056,832 | ---- | C] () -- C:\Windows\System32\ThriXXX015003JP2.dll
[2003.01.29 11:10:06 | 000,046,592 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003.01.29 11:10:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.12.12 00:14:32 | 000,013,312 | ---- | C] () -- C:\Windows\msdmo.dll
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
< End of report >

Alt 01.05.2010, 14:54   #5
micha_patzi
 
mehrere div. Trojaner auf´m PC - Standard

mehrere div. Trojaner auf´m PC



Die Datei von eben war die OTL-Datei, sorry für die Verwechslung^^


Hier kommt jetzt die Extra-Datei^^:



OTL Extras logfile created on: 01.05.2010 15:41:10 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Dexter\Desktop\troja dateien
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 39,38 Gb Free Space | 18,20% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,12 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEXTER-PC
Current User Name: Dexter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EAB769A-CD64-4A29-9B6D-8352D15012D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A69333E-6C7E-427B-9B37-D660944A1EE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041EBA5F-5FDB-4280-867A-D9BBAA870EE2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{0803E20E-DDBE-43E9-8B3C-32A12881E937}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
"{080BD0C9-97C4-48EF-B606-6B005C5D80E1}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{0DFE73AC-2D9A-471E-AB8F-9464548D3E85}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{10F05E1D-EBD1-498F-9FF5-8802A7C9D36C}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
"{1E504FA1-B7CC-4889-BB8F-8F5FF2308902}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1E75F4EA-52DE-4A9B-807E-B2FDCD0B57D7}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
"{225505F9-7E6B-4A90-BE5B-D81F22B534AF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{2525973E-04E0-446D-AD63-58D44EC88DA9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{256661E5-8096-4506-A614-22F827F8D7EF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{262265B2-4C13-44B3-8CF2-21E3D67BBCA1}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{2FCBE98E-DA14-4A98-A5DA-4B1B46A6B6E8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{37185A16-EA94-430E-8552-ED69E518056C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{37A2542E-BBF2-46D7-847B-7D47158A8ABF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3AD0C41D-1771-429C-B623-423C2CB0E7B6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{50CDC46F-2887-4962-A993-61A58025D8FE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{5476F573-6D2F-446F-B344-027C3042602E}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{56AEDDA6-DE14-4BE9-9122-52821002DE18}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{58066D84-F9FF-4FF5-9CAD-567805194795}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1195497218\ee\aolsoftware.exe |
"{6358779B-37E5-4E12-9E2D-22FDB830B879}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{7349A012-F797-47D0-949A-9E442411E8E7}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"{738397E1-6B8D-4568-9EF7-2A071ED517D3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{75B3E28D-FB9F-4863-A1C7-5F51A7187A19}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{7795AE6C-ED90-44F6-869F-9107DB8BD91F}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{77BF0EB4-408F-44BF-9C47-275760F03C41}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7C5C819A-4565-4712-8990-CBE6C650B1E9}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{7D960F33-AB6D-4D33-9DEB-9F47A4B1EC7B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{80553ACB-BC22-4D4D-9196-5C81284FF9CA}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"{819488B4-D64E-4D88-85B9-A058395C2393}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{82752DFC-DCE8-4561-A30C-D3DCCA7A1DAB}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{859405F5-B022-4D6E-B150-17233F392F55}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{8D0AB260-43D0-4265-8730-0A6399FB98A3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8D2BDC70-9F1F-4116-A15B-AB2D657A01A6}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{91EA4572-D4BF-45B6-BC9A-B0C116E5FE31}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{92682F24-62CF-4D3E-A938-89CB97139D2F}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{96EA4760-EC09-41A5-9AB3-4D18A2E897B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{99447D8D-18C4-4BCA-9C90-8B0B5557DB91}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A3750D55-310B-4DBE-A69D-A39AF56C736C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1195497218\ee\aolsoftware.exe |
"{ABCE3F8D-28C1-4300-ABC2-F49B423C9B9D}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{B391F27A-6DFE-43CA-AA19-C3672037B4DC}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{B7A82702-FD92-4192-B832-E18089276873}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B98F448A-E1BD-4D8B-971F-C2BD08C2DA3C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{BDF58042-4BD0-43CF-9E26-4ECDBEF2A875}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BE4D95A7-6120-4079-9E6B-B2AB74E22D02}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{DF29CB3B-0B00-47E4-BA75-C69EE0352AAD}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{E4B0D2DE-0323-4209-A1F1-EFA5840EAE32}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EC35CF91-4751-4CC3-ADB4-AA91A6C641ED}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{F1889AB1-3143-4FC9-B506-AFC5982E4E2A}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{F3764B0E-311C-42CE-9C9B-FB2DED02FEE9}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{FFF283CD-6CF1-49E1-A9A3-21FA73F97421}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
"TCP Query User{02EDB504-7464-4C8C-B473-20665960F70D}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{041C9115-D058-443A-B959-625C86DCA7E4}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"TCP Query User{32A51FBF-EB07-4F71-AEDC-BAA33CA41D7C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{42196FE3-6BA5-42D4-833A-5977DF69437C}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe |
"TCP Query User{46A3DEF9-CAAE-4819-8FBD-D0629BE8498E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{64BA855E-43F7-4BE9-B714-39E0E4B793EA}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{885B4530-81EF-4A64-B88E-95F68C20CE9C}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe |
"TCP Query User{91995FBE-2A09-40F6-9145-4EAE58558E21}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{9794782C-2267-4BD8-949B-698A07865227}C:\program files\atari\boiling point\xenus.exe" = protocol=6 | dir=in | app=c:\program files\atari\boiling point\xenus.exe |
"TCP Query User{9956EA98-4740-4E49-8B0B-B2EE66BF78DF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A163B1F1-E5E7-452A-BE19-CD86CA28C3F7}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"TCP Query User{AE031C8F-B7CD-4D67-9507-8ABCC8346A8A}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{B743A817-D502-4ADE-A971-49E4B7F6620D}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{B7B442BF-5578-4B2A-AB68-57074C6726B3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{BE13FE3B-6817-40FE-AE45-BCEB748C1A3C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C1D457F7-2228-4FCA-896D-354D29FC085E}C:\program files\konami\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 6\pes6.exe |
"TCP Query User{C999A688-B1CC-48E6-9866-923B8F0EF530}C:\users\dexter\desktop\pes2008.exe" = protocol=6 | dir=in | app=c:\users\dexter\desktop\pes2008.exe |
"TCP Query User{E1ECDBA2-B89D-4735-9932-A55F03C83FB6}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe |
"TCP Query User{F209A7F5-934A-4031-96CA-D10F9A4A79CA}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe |
"TCP Query User{F5209C99-BC34-432E-A968-C4F26792E0FB}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{FC0E9926-2C02-4ADF-B411-3BC565302DA5}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=6 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe |
"UDP Query User{0BE120BD-D6C6-48F4-952C-10A4FDCED758}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{3D1C44FB-9F89-4A24-826D-73ABA7A79C4D}C:\program files\konami\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 6\pes6.exe |
"UDP Query User{4B5BD4B8-9B6D-45FF-BE6D-3EA48353DA2B}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{50208E0F-3C6F-42E8-81DE-0E717F21F5F0}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{57002F32-8E66-4B05-858A-DFFCC12D198E}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{63F8C8A4-E21A-42EF-B515-AEACED8A6D7A}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{72AFB0EE-C86B-48DC-B602-D52C26E62348}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=17 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe |
"UDP Query User{82E806ED-9C87-4947-9142-4469C766E62C}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"UDP Query User{91FC9755-3926-4CC2-9E68-E3AFCA7E439C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BB8731B2-5ED1-4DAF-9F8C-07C5C36B4C56}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{C4DA25C7-82E1-47F0-B726-4BFA997702B5}C:\users\dexter\desktop\pes2008.exe" = protocol=17 | dir=in | app=c:\users\dexter\desktop\pes2008.exe |
"UDP Query User{C59EE533-C0F6-47B3-808E-58A923C27537}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{CF02264D-4ED9-4683-B952-7225207EDE0A}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{D37CD60B-7DC5-4A6E-B5BE-FD3D5B505EC2}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe |
"UDP Query User{E23E5904-D835-480A-ADA7-5C7C7B1C47A7}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{E25007D5-FA79-4FB6-B2A8-8EA6FD54C05E}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe |
"UDP Query User{E92E06F4-0859-43A1-8390-0D2EC8B58A1F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E9C9E22E-9BBC-4D53-8DBC-FFB9633946B6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EAAC887C-9AC3-4E73-A0E0-31F1195557A6}C:\program files\atari\boiling point\xenus.exe" = protocol=17 | dir=in | app=c:\program files\atari\boiling point\xenus.exe |
"UDP Query User{EC99C16A-52C7-409B-A30A-752CF07102B9}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe |
"UDP Query User{F1E587DA-B715-4499-8FEE-8E4A7888B2DF}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071F3745-E389-4345-86DF-E80B55446FCE}" = FC Hansa Rostock - HansaBox
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = Der Pate® Das Spiel
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}" = Free TV Radio
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{851367C1-2F9F-4087-B3E8-8DECFE328370}" = The Da Vinci Code
"{874F0C23-7CA8-4639-9D77-E032E272A3FD}" = Emergency 2
"{89E0B0D4-DFC3-49B9-8E88-F1B801325C8A}" = Emergency 3
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B102B41A-075C-40F9-AC9F-A132313F49A8}" = Magic Video Maker Pro
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA2B455A-B0BE-4C5A-B73A-0615F37C81D5}" = Beowulf TM
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Foto-Manager
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AOL Deinstallation" = AOL Deinstallation
"AOL Toolbar 4.0" =
"AudioCon" = AudioCon
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1)
"EADM" = EA Download Manager
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GameSpy Arcade" = GameSpy Arcade
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"IsoBuster_is1" = IsoBuster 2.3
"JDownloader" = JDownloader
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.11)" = Mozilla Firefox (2.0.0.11)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"RealPlayer 6.0" = RealPlayer
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"UltraISO_is1" = UltraISO Premium V9.31
"Uninstall_is1" = Uninstall 1.0.0.0
"Veetle TV" = Veetle TV 0.9.17
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinRAR archiver" = WinRAR
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FM10 Stadien Deutschland Update 2.0" = FM10 Stadien Deutschland Update 2.0
"FM10 Stadien Polen" = FM10 Stadien Polen
"Luxusfile" = Luxusfile
"Managerfrauen Part 1" = Managerfrauen Part 1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.01.2010 19:08:44 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager10.exe, Version 2.0.0.5, Zeitstempel
0x4b2934d4, fehlerhaftes Modul GfxCore.dll, Version 0.0.0.0, Zeitstempel 0x4b293398,
Ausnahmecode 0xc0000005, Fehleroffset 0x0005133b, Prozess-ID 0xbf8, Anwendungsstartzeit
01ca9ba217da60b7.

Error - 31.01.2010 11:26:07 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.8.6.0, Zeitstempel 0x474e0e34,
fehlerhaftes Modul libvlc.dll, Version 0.0.0.0, Zeitstempel 0x474e0e34, Ausnahmecode
0xc0000005, Fehleroffset 0x0001b81a, Prozess-ID 0xaf8, Anwendungsstartzeit 01caa288fd2f6661.

Error - 04.02.2010 15:27:17 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Em3.exe, Version 0.0.0.0, Zeitstempel 0x42d25b8d,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x6f6e6b6e, Prozess-ID 0x14bc, Anwendungsstartzeit 01caa5cda666ac7a.

Error - 04.02.2010 16:23:12 | Computer Name = Dexter-PC | Source = Application Hang | ID = 1002
Description = Programm Em4.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: d38 Anfangszeit: 01caa5d76e937071 Zeitpunkt der Beendigung:
383

Error - 04.02.2010 16:30:16 | Computer Name = Dexter-PC | Source = Application Hang | ID = 1002
Description = Programm Em4.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: f5c Anfangszeit: 01caa5d88de6e326 Zeitpunkt der Beendigung:
362

Error - 05.02.2010 08:31:25 | Computer Name = Dexter-PC | Source = VSS | ID = 8194
Description =

Error - 07.02.2010 12:33:41 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Em3.exe, Version 0.0.0.0, Zeitstempel 0x42d25b8d,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x40151000, Prozess-ID 0x7b8, Anwendungsstartzeit 01caa812a9e6beb6.

Error - 20.02.2010 14:11:56 | Computer Name = Dexter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.03.2010 15:45:59 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.8.6.0, Zeitstempel 0x474e0e34,
fehlerhaftes Modul libvlc.dll, Version 0.0.0.0, Zeitstempel 0x474e0e34, Ausnahmecode
0xc0000005, Fehleroffset 0x0001b84a, Prozess-ID 0xb9c, Anwendungsstartzeit 01cab977609bf958.

Error - 28.03.2010 03:34:25 | Computer Name = Dexter-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18385 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 374 Anfangszeit: 01cace469a84b842 Zeitpunkt
der Beendigung: 63

[ System Events ]
Error - 29.04.2010 13:26:35 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 29.04.2010 13:28:15 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29.04.2010 16:02:07 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 29.04.2010 16:03:46 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30.04.2010 08:23:36 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 30.04.2010 08:25:15 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 01.05.2010 05:37:26 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 05:39:08 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 01.05.2010 09:35:31 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 09:37:11 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >




Danke im Voraus, micha_patzi


Alt 01.05.2010, 14:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mehrere div. Trojaner auf´m PC - Standard

mehrere div. Trojaner auf´m PC



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
[2010.05.01 15:35:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.01 15:35:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
--> mehrere div. Trojaner auf´m PC

Alt 01.05.2010, 15:09   #7
micha_patzi
 
mehrere div. Trojaner auf´m PC - Standard

mehrere div. Trojaner auf´m PC



hier das Logfile:




All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar-Suche\ deleted successfully.
File Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
C:\Program Files\ICQ6\ICQ.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
File C:\Program Files\ICQ6\ICQ.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Dexter
->Temp folder emptied: 33282 bytes
->Java cache emptied: 13741079 bytes
->FireFox cache emptied: 10143021 bytes
->Flash cache emptied: 18620 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1570928 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1600 bytes
RecycleBin emptied: 6153648 bytes

Total Files Cleaned = 30,00 mb


OTL by OldTimer - Version 3.2.4.0 log created on 05012010_160144

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Antwort

Themen zu mehrere div. Trojaner auf´m PC
antivir, avg, avgnt, avira, combofix, components, dateien, explorer, firefox, google, gupdate, icq, internet, lan, log-datei, malware, microsoft, mozilla, namen, programdata, proxy, realplayer, recycle.bin, richtlinie, rojaner gefunden, scan, security, service pack 1, software, sptd.sys, start menu, suchlauf, svchost, system, trojaner, trojaner gefunden, usb, vista, windows-defender, wireless lan




Ähnliche Themen: mehrere div. Trojaner auf´m PC


  1. Mehrere Trojaner
    Log-Analyse und Auswertung - 12.07.2013 (13)
  2. Mehrere Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (12)
  3. Mehrere Trojaner
    Mülltonne - 29.05.2012 (0)
  4. Mehrere Trojaner entdeckt
    Log-Analyse und Auswertung - 17.01.2011 (1)
  5. Mehrere Trojaner gefunden
    Log-Analyse und Auswertung - 07.04.2010 (18)
  6. mehrere trojaner
    Antiviren-, Firewall- und andere Schutzprogramme - 24.03.2010 (5)
  7. mehrere Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.04.2009 (3)
  8. Mehrere Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 18.01.2009 (4)
  9. Trojaner (mehrere) entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.01.2009 (4)
  10. Mehrere Trojaner?
    Log-Analyse und Auswertung - 12.12.2008 (3)
  11. Mehrere Trojaner
    Log-Analyse und Auswertung - 15.10.2008 (1)
  12. Mehrere Trojaner auf dem PC!?
    Log-Analyse und Auswertung - 01.09.2008 (4)
  13. Mehrere Trojaner in \SystemVolumeInformation\ (!)
    Plagegeister aller Art und deren Bekämpfung - 03.08.2008 (1)
  14. mehrere Trojaner auf dem Rechner
    Log-Analyse und Auswertung - 04.02.2008 (5)
  15. Mehrere Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 18.01.2008 (4)
  16. Trojaner und mehrere Benutzerkonten
    Plagegeister aller Art und deren Bekämpfung - 30.08.2005 (1)
  17. Mehrere Trojaner aufeinmal
    Plagegeister aller Art und deren Bekämpfung - 03.11.2004 (5)

Zum Thema mehrere div. Trojaner auf´m PC - Hallo, und zwar habe ich folgendes problem. Ich war im Internet, da hat AntiVir mit einmal angeschlagen und angezeigt, dass ein Trojaner gefunden wurde! Diesen habe ich erstmal in die - mehrere div. Trojaner auf´m PC...
Archiv
Du betrachtest: mehrere div. Trojaner auf´m PC auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.