
Pests of all kinds and how to combat them: Viruses without end...


05.05.2010, 13:30   #1
dredav
 

Viruses without end...



Hello,

I need your help...

In my Firefox there are ads everywhere that don't belong there...
I have the feeling there are more and more viruses...
Just now a window opened that presented itself as "Antispyware soft demo" or something similar... I could only close it via the Task Manager. In the Task Manager almost all processes appear twice or several times (see picture), and there are more and more of them...

Also, whenever I open Windows Update to install the updates, an error message always appears; likewise, when I open Windows System Restore, the following message appears

No system restore points are shown in CCleaner either...


rKill 14:00:
Code:
This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 
Ran as *** on 05.05.2010 at 14:00:23. 

Processes terminated by Rkill or while it was running: 

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

Rkill completed on 05.05.2010  at 14:00:44.
         
rKill 14:25:
Code:
This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 
Ran as David Manuel Dreher on 05.05.2010 at 14:25:31. 

Processes terminated by Rkill or while it was running: 

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

Rkill completed on 05.05.2010  at 14:25:43.
         
OTL.txt
Code:
OTL logfile created on: 05.05.2010 14:01:35 - Run 2
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,81 Gb Total Space | 26,01 Gb Free Space | 11,32% Space Free | Partition Type: NTFS
Drive D: | 229,11 Gb Total Space | 151,75 Gb Free Space | 66,23% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,63 Gb Total Space | 77,17 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DAVIDSPC
Current User Name: D****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - d:\xampp\mysql\bin\mysqld-nt.exe ()
PRC - D:\xampp\apache\bin\apache.exe (Apache Software Foundation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (RoxLiveShare9) --  File not found
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3653.dll ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (mysql) -- d:\xampp\mysql\bin\mysqld-nt.exe ()
SRV - (Apache2.2) -- D:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100504.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100504.004\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\vboxnetadp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\vboxusb.sys (Sun Microsystems, Inc.)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\dsltestsp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\e1g60i32.sys (Intel Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?hl=de&btnG=Suche&meta=&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.christus-portal.net/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {a08fb0e7-cdd6-2796-9d51-2c93ecbcf934}:4.6.6.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 00:28:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.28 06:26:37 | 000,000,000 | ---D | M]
 
[2009.11.23 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Extensions
[2009.11.23 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2010.05.04 21:22:21 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions
[2010.04.14 22:25:25 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.05.03 20:19:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.26 19:14:45 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.04.14 22:25:25 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.24 12:39:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.31 05:27:33 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.02.19 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.04.14 22:25:25 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\twitternotifier@naan.net
[2010.05.04 19:04:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.04 19:04:36 | 000,000,000 | ---D | M] (z) -- C:\Programme\Mozilla Firefox\extensions\{a08fb0e7-cdd6-2796-9d51-2c93ecbcf934}
[2009.09.24 20:55:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
[2008.06.18 15:11:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org
[2010.03.14 20:22:17 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 20:22:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 20:22:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 20:22:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 20:22:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (profitizeme browser enhancer) - {136E74A4-9153-4EF6-FEA5-C6039A817743} - C:\Windows\System32\scstbfkfgquyzup.dll ()
O2 - BHO: (profitmuse) - {3479441f-9783-76c9-c150-3269d45a0cd6} - C:\Windows\System32\5782b950.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\D****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://maxdomeaccount.1und1.de/presentation/script/HWTest.CAB (HWTest.HWTestControl)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\D****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\D****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 18:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{44462aac-3261-11dd-be1d-001c253200eb}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{896f6dc2-2250-11dd-8142-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{896f6dc2-2250-11dd-8142-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{bc3d89bc-6556-11dd-b14d-001c253200eb}\Shell - "" = AutoRun
O33 - MountPoints2\{bc3d89bc-6556-11dd-b14d-001c253200eb}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.04 20:59:36 | 000,000,000 | ---D | C] -- C:\Programme\Vips2
[2010.05.03 19:57:22 | 000,000,000 | ---D | C] -- C:\Users\D****\AppData\Roaming\TrueCrypt
[2010.05.03 19:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010.05.03 19:54:24 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.05.02 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\D****\Documents\NetBeansProjects
[2010.05.02 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\D****\.netbeans
[2010.05.02 21:44:11 | 000,000,000 | ---D | C] -- C:\Users\D****\.netbeans-registration
[2010.05.02 21:34:29 | 000,000,000 | ---D | C] -- C:\Users\D****\.nbi
[2010.05.02 10:26:23 | 000,000,000 | ---D | C] -- C:\Programme\JFrameBuilder
[2010.04.28 06:25:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.04.28 06:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.24 13:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Shock Utility
[2010.04.24 12:39:54 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.04.24 12:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.04.23 15:37:08 | 000,000,000 | ---D | C] -- C:\games
[2010.04.17 00:10:59 | 000,000,000 | ---D | C] -- C:\Users\D****\AppData\Roaming\Feedreader
[2010.04.16 18:09:42 | 000,000,000 | ---D | C] -- C:\Users\D****\Desktop\Alt
[2010.04.14 22:08:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.14 22:08:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.14 22:08:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.14 22:07:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.14 22:04:46 | 000,000,000 | --SD | C] -- C:\ComboFix.txt
[2010.04.14 22:03:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.14 21:32:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.12 18:15:12 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.12 18:15:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.11 22:55:02 | 000,000,000 | ---D | C] -- C:\Users\D****\AppData\Roaming\Malwarebytes
[2010.04.11 22:52:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.11 22:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.11 22:52:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.11 22:52:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.11 22:32:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010.04.06 20:16:18 | 000,147,456 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdfc.dll
[2010.04.06 20:16:15 | 000,187,392 | ---- | C] (BullZip) -- C:\Windows\System32\bzpdf.dll
[2010.04.06 20:16:11 | 000,000,000 | ---D | C] -- C:\Programme\Bullzip
[2010.04.06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\D****\Documents\HERMA
[2010.04.06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\D****\AppData\Local\HERMA
[2010.04.06 19:56:09 | 000,000,000 | ---D | C] -- C:\Programme\HERMA
[2010.04.06 19:56:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HERMA
[2010.04.06 19:53:18 | 000,000,000 | ---D | C] -- C:\HERMA
[2010.04.05 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\D****\Documents\TikGames
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.05 14:05:25 | 004,194,304 | -HS- | M] () -- C:\Users\D****\NTUSER.DAT
[2010.05.05 14:00:58 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{615FB214-9DF7-478C-A55A-DE4C901F3D01}.job
[2010.05.05 13:57:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ca5ac8caf1400.job
[2010.05.05 13:56:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.05 13:56:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 13:56:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 13:56:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.05 13:56:05 | 3489,128,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.05 13:46:53 | 000,524,288 | -HS- | M] () -- C:\Users\D****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.05 13:46:53 | 000,065,536 | -HS- | M] () -- C:\Users\D****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.05 13:46:23 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.05 13:46:17 | 002,544,598 | -H-- | M] () -- C:\Users\D****\AppData\Local\IconCache.db
[2010.05.05 13:10:42 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.04 20:59:45 | 000,000,548 | ---- | M] () -- C:\Windows\System32\javaw.exe.manifest
[2010.05.04 20:59:45 | 000,000,548 | ---- | M] () -- C:\Windows\System32\java.exe.manifest
[2010.05.04 19:17:35 | 000,000,155 | ---- | M] () -- C:\Users\D****\.appletviewer
[2010.05.04 19:04:36 | 000,096,761 | ---- | M] () -- C:\Windows\System32\2f55e719.exe
[2010.05.04 19:03:29 | 000,050,994 | ---- | M] () -- C:\Windows\System32\bnpdivwrrkqxmuwep.exe
[2010.05.03 21:28:05 | 000,099,328 | ---- | M] () -- C:\Users\D****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.03 19:54:24 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.05.02 18:39:43 | 000,089,336 | ---- | M] () -- C:\Users\D****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.02 18:35:55 | 002,288,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.02 18:05:21 | 000,788,998 | ---- | M] () -- C:\Users\D****\Desktop\crane.zip
[2010.05.02 10:26:13 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010.04.30 06:07:37 | 001,427,404 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.30 06:07:37 | 000,621,704 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.30 06:07:37 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.30 06:07:37 | 000,123,654 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.30 06:07:37 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.28 13:44:22 | 000,000,012 | ---- | M] () -- C:\Users\D****\AppData\Roaming\Light_Board_Veloca_-_Update_Checker.ini
[2010.04.27 20:31:30 | 000,000,004 | ---- | M] () -- C:\Users\D****\AppData\Roaming\pro-fusion_-_Update_Checker.ini
[2010.04.27 19:38:05 | 000,000,735 | ---- | M] () -- C:\Users\D****\SciTE.session
[2010.04.27 19:10:32 | 000,000,036 | ---- | M] () -- C:\Users\D****\.org.eclipse.epp.usagedata.recording.userId
[2010.04.27 13:58:48 | 000,381,952 | ---- | M] () -- C:\Windows\System32\scstbfkfgquyzup.dll
[2010.04.26 22:16:47 | 000,000,463 | ---- | M] () -- C:\Users\D****\Desktop\Spielfilme.lnk
[2010.04.25 21:04:18 | 000,050,715 | ---- | M] () -- C:\Users\D****\Desktop\IMG00431.jpg
[2010.04.24 16:26:09 | 000,000,157 | ---- | M] () -- C:\Users\D****\Desktop\swr3_mp3_m.m3u
[2010.04.24 13:33:23 | 000,065,536 | ---- | M] () -- C:\Windows\IFinst27.exe
[2010.04.23 17:57:38 | 001,453,568 | ---- | M] () -- C:\Windows\System32\5782b950.dll
[2010.04.22 17:30:26 | 000,033,280 | ---- | M] () -- C:\Users\D****\Desktop\Tabelle Johanna.doc
[2010.04.22 15:43:53 | 000,000,962 | ---- | M] () -- C:\Users\D****\Desktop\Serien.lnk
[2010.04.17 15:42:35 | 000,008,192 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys
[2010.04.14 18:35:39 | 000,088,064 | ---- | M] () -- C:\Users\D****\Desktop\Hartz IV.doc
[2010.04.11 22:39:22 | 000,001,181 | ---- | M] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010.04.11 22:37:21 | 000,363,520 | ---- | M] () -- C:\Users\D****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com
[2010.04.11 17:55:33 | 000,001,498 | ---- | M] () -- C:\Users\D****\.recently-used.xbel
[2010.04.10 07:34:48 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010.04.10 00:06:00 | 000,558,846 | ---- | M] () -- C:\Users\D****\Desktop\IMG00271.jpg
[2010.04.10 00:05:51 | 000,053,364 | ---- | M] () -- C:\Users\D****\Desktop\IMG00269.jpg
[2010.04.10 00:03:11 | 000,000,256 | ---- | M] () -- C:\Users\D****\Documents\pool.bin
[2010.04.09 23:33:42 | 004,357,332 | ---- | M] () -- C:\Users\D****\Documents\LoaderBackup-(2010-04-09).ipd
[2010.04.09 23:09:43 | 004,357,133 | ---- | M] () -- C:\Users\D****\Documents\AutoBackup-(2010-04-09).ipd
[2010.04.09 22:58:32 | 000,000,292 | ---- | M] () -- C:\Windows\win.ini
[2010.04.07 15:11:29 | 000,190,464 | ---- | M] () -- C:\Users\D****\Desktop\Bericht.doc
[2010.04.06 20:09:09 | 000,020,480 | ---- | M] () -- C:\Users\D****\Documents\Alberts Hauslikör.doc
[2010.04.06 20:09:09 | 000,000,300 | ---- | M] () -- C:\Users\D****\Documents\Alberts Hauslikör.hea
[2010.04.06 20:09:09 | 000,000,162 | -H-- | M] () -- C:\Users\D****\Documents\~$berts Hauslikör.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.05 13:50:05 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{615FB214-9DF7-478C-A55A-DE4C901F3D01}.job
[2010.05.04 19:17:35 | 000,000,155 | ---- | C] () -- C:\Users\D****\.appletviewer
[2010.05.04 19:04:36 | 000,096,761 | ---- | C] () -- C:\Windows\System32\2f55e719.exe
[2010.05.04 19:03:29 | 000,050,994 | ---- | C] () -- C:\Windows\System32\bnpdivwrrkqxmuwep.exe
[2010.05.02 18:05:20 | 000,788,998 | ---- | C] () -- C:\Users\D****\Desktop\crane.zip
[2010.04.29 17:36:42 | 000,000,003 | ---- | C] () -- C:\Users\D****\AppData\Roaming\TicTacToe.txt
[2010.04.28 13:28:10 | 000,000,012 | ---- | C] () -- C:\Users\D****\AppData\Roaming\Light_Board_Veloca_-_Update_Checker.ini
[2010.04.27 19:11:33 | 000,000,004 | ---- | C] () -- C:\Users\D****\AppData\Roaming\pro-fusion_-_Update_Checker.ini
[2010.04.27 19:10:32 | 000,000,036 | ---- | C] () -- C:\Users\D****\.org.eclipse.epp.usagedata.recording.userId
[2010.04.27 13:58:48 | 000,381,952 | ---- | C] () -- C:\Windows\System32\scstbfkfgquyzup.dll
[2010.04.25 21:04:27 | 000,050,715 | ---- | C] () -- C:\Users\D****\Desktop\IMG00431.jpg
[2010.04.24 16:26:07 | 000,000,157 | ---- | C] () -- C:\Users\D****\Desktop\swr3_mp3_m.m3u
[2010.04.24 13:33:23 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2010.04.23 17:57:38 | 001,453,568 | ---- | C] () -- C:\Windows\System32\5782b950.dll
[2010.04.22 17:28:02 | 000,033,280 | ---- | C] () -- C:\Users\D****\Desktop\Tabelle Johanna.doc
[2010.04.14 22:08:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.14 22:08:50 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.14 22:08:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.14 22:08:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.14 22:08:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.14 18:35:38 | 000,088,064 | ---- | C] () -- C:\Users\D****\Desktop\Hartz IV.doc
[2010.04.12 17:45:05 | 3489,128,448 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.11 23:10:09 | 000,363,520 | ---- | C] () -- C:\Users\D****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com
[2010.04.11 22:39:22 | 000,001,181 | ---- | C] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010.04.11 17:55:33 | 000,001,498 | ---- | C] () -- C:\Users\D****\.recently-used.xbel
[2010.04.10 00:03:11 | 000,000,256 | ---- | C] () -- C:\Users\D****\Documents\pool.bin
[2010.04.09 23:33:42 | 004,357,332 | ---- | C] () -- C:\Users\D****\Documents\LoaderBackup-(2010-04-09).ipd
[2010.04.09 23:31:08 | 000,053,364 | ---- | C] () -- C:\Users\D****\Desktop\IMG00269.jpg
[2010.04.09 23:28:08 | 000,558,846 | ---- | C] () -- C:\Users\D****\Desktop\IMG00271.jpg
[2010.04.09 23:09:42 | 004,357,133 | ---- | C] () -- C:\Users\D****\Documents\AutoBackup-(2010-04-09).ipd
[2010.04.07 15:11:29 | 000,190,464 | ---- | C] () -- C:\Users\D****\Desktop\Bericht.doc
[2010.04.06 20:09:09 | 000,020,480 | ---- | C] () -- C:\Users\D****\Documents\Alberts Hauslikör.doc
[2010.04.06 20:09:09 | 000,000,162 | -H-- | C] () -- C:\Users\D****\Documents\~$berts Hauslikör.doc
[2010.04.06 20:09:08 | 000,000,300 | ---- | C] () -- C:\Users\D****\Documents\Alberts Hauslikör.hea
[2010.04.06 10:01:12 | 000,000,962 | ---- | C] () -- C:\Users\D****\Desktop\Serien.lnk
[2010.04.06 10:01:12 | 000,000,463 | ---- | C] () -- C:\Users\D****\Desktop\Spielfilme.lnk
[2010.02.21 20:29:36 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.02.19 09:40:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.01.28 17:50:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.24 00:10:29 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2010.01.24 00:10:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.01.24 00:10:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.12.13 22:41:20 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.11 07:34:59 | 000,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.11 07:34:40 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2009.08.31 14:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2009.07.09 18:59:41 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.11 22:56:34 | 000,018,944 | ---- | C] () -- C:\Windows\System32\wk32.dll
[2008.11.11 22:56:34 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ic32.dll
[2008.08.08 16:28:51 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.07.08 18:13:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.02 16:10:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2008.05.31 14:23:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,123 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.02.23 18:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll
[2006.02.23 17:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll
[2006.02.23 17:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll
[2006.02.23 17:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll
[2006.02.23 17:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll
[2006.02.23 17:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll
[2006.02.23 17:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll
[2006.02.23 17:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll
[2006.02.23 17:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll
[2006.02.23 17:34:26 | 001,108,480 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006.02.23 17:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll
[2006.02.23 17:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
< End of report >
         

Edited by dredav (05.05.2010 at 13:39)

05.05.2010, 13:31   #2
dredav

Viruses without end...



Continuation of post 1:

extra.txt:
Code:
OTL Extras logfile created on: 05.05.2010 14:01:35 - Run 2
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,81 Gb Total Space | 26,01 Gb Free Space | 11,32% Space Free | Partition Type: NTFS
Drive D: | 229,11 Gb Total Space | 151,75 Gb Free Space | 66,23% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,63 Gb Total Space | 77,17 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: D****-PC
Current User Name: D***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EE2A1E-7F20-443B-8739-1E9F8081FEC1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{0A09C6F9-0163-4DC1-AFF1-0862CB983110}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16AFF1F0-43FB-4CDA-8B37-A2C729AC09A9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{17593071-F416-4ECE-B2D2-8ACB33922866}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{1CD038EE-98AB-445B-BCF8-4E1159D18CE0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{21E32BFB-6B51-47C9-A6F9-363A4B5597CC}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2465CFA6-D304-49B5-B96B-9F77CEBA7A01}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{256BC22C-90A4-4ADE-9B6B-8837720E69F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{25CE8382-7873-4B6B-A0C4-A555E79E0657}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C35F106-6D47-442D-B23E-63AE97106D00}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{3253E367-23DA-4350-819C-79D44D107EFF}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{32EA2EA6-99EE-43FF-AAC8-92FB35D8AFAA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{3F7D3FB4-49F4-48F1-BD8D-DB6E8195FE1A}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{4048701D-5C0D-4B7B-9737-D86B7E6809E2}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{43F20B8C-D4AC-425E-9F30-1EEC2CF7AF66}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{459F4031-FAC4-46CC-AC5D-04F68150F20C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B6B5258-20EC-48A5-81B4-9573243B10B2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{5240F548-9701-4E31-91C2-72C8F49863F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58DF95CB-C9D0-461A-9D4A-05D933D2350E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5969D0B8-3877-4F0B-93A7-22BCE67B6989}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{6638E1D8-BB5C-4AC0-B742-AA32F882F8C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{667E89E5-BDDD-4674-9C0B-3DB47DCD6246}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{68CE27F4-F25A-4D4B-962C-4AC111203ADF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{69BF0E1B-C4A8-446D-BBD4-FFBC05CD9AE9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{713531E6-286A-4C3B-925D-CA091D8EE48D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{762B721F-4F0F-4EF9-A5FC-FAF14FFD4841}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{7A233807-82F2-4D80-AF72-FD943DB0FED0}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{7F5ED039-6784-4024-9FA3-30E112840009}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8017D61C-6745-4CBF-8FD1-318D94A0E385}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{94F79589-FEE1-4600-8C05-C38DFAC3709B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{A34E16B2-EA6A-424C-99B4-822809012A90}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{A751F8E7-DA58-4B43-B648-A0CBF1BBDE33}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{B08E3A34-A3C8-4C49-BD9E-AC4A96761FEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B14A5A55-42D5-47E8-8549-B9354DAFCF30}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CE50F26A-B42D-4B82-8F2B-38CFCDF8EB6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D04F3072-8DF0-452C-B3CF-FCE49AC08E2A}" = lport=52367 | protocol=6 | dir=in | name=akamai netsession interface | 
"{D3087E8E-E87A-4FA5-A12C-CA25D5644A05}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D7F4E072-A9F5-417D-AED0-0EDCE3448628}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{DAE8F91F-95A3-469A-8CD3-D0AD4E6A94DA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{DC67F8BB-AE4F-455B-A5F9-9DFFD14846B9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{E540F1F2-4817-470A-805E-B3840E02DDF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC56C63D-6A18-4407-875F-20CDAC2F591D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FFCF2230-ED96-4C41-B9B9-2D8F33717F9E}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5792F9-5A3C-4BE5-8400-9779F45BB1A5}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{14799621-F344-46FC-A273-0FE3BAD5C35A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{15E3526F-B238-43E1-A5DE-AB6CD4DACDF0}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe | 
"{1682F178-1A2E-42C0-9D30-93E449BB34C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18D9C22E-C60C-46AA-9C68-ADC12B03EF49}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{1AB8B39F-D9BD-40CE-9FA2-74E548EFF867}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2825C47E-B280-4CE5-A860-61596C7017B2}" = protocol=17 | dir=in | app=c:\users\D****\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{2A5C9940-44AF-41B2-A17D-62F2A05D6196}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{2DA401AB-1E12-44BB-A8DE-A30D42E16F1B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{2E28A60E-5AF9-4B11-B352-1E39D8D2FA61}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{3C3DB1FA-3B18-4546-8DD2-0A7DEADA9504}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{410A7BE2-1CE5-40FF-82DE-184F77E880AA}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{48855CBD-C253-4C7D-9A9A-579DB07FFF02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{48B25F86-353D-4635-9AE3-A8DDBF375E05}" = protocol=6 | dir=in | app=c:\users\D****\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{4CBED3B5-72A8-4CDB-ADF2-A74361BF4D59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{518F4446-0388-42E4-9274-F42683661ADA}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{55DB299D-57DC-4011-81C3-B0FF0E2B6EC5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{566F5AC6-C549-4D61-9DCB-AD54A7D9AE96}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{5FC1BE43-C5EB-4314-B79D-4EBD9C125EE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6426E837-D814-41B1-9FE7-2463BDD8CD16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6699E87D-3AAB-43C3-966F-6C0D4C3090CC}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | 
"{6989DD07-E1D3-4B5D-AA77-417652B681C4}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | 
"{6B89A43F-25B4-4E8E-AD38-2E8CFE0F3201}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{702FACE1-6F8F-4BF8-B640-2AE1EA275829}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{736D5BF6-D440-427D-9999-30EC8C660764}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73A94B25-E83C-41DC-AE5C-B07E8C53B58F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{77B53372-A875-4511-8D0F-B05A0926865D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F49931B-C181-4124-9067-13D75D0D5F0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85785B36-FD02-4CB1-9A9E-BA90E2E7AFF4}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{8DBA17D3-4D2B-40FB-B05C-A6A711FE6FDC}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{912E21DB-9B38-47A9-970E-9201DB9256A6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | 
"{92946682-A2EF-4C1B-BB3C-3FFE1586663D}" = protocol=6 | dir=out | app=system | 
"{94FC8C0C-16A9-431D-92FE-DA24192410FB}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe | 
"{9CAF373E-90C0-4F88-B63A-5A6C1C7329F8}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A8AC6FC2-8DE8-45B5-A6F4-284C375BDB50}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{ACF60C3C-39EA-4D78-BAD8-86689B265FEA}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AD8D4707-90FE-4427-9C02-5E15FD294272}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe | 
"{B0558042-4221-4FD0-B69A-429DF6A1758D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B152572B-AA70-48A3-84A2-7F06C824B4AB}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | 
"{B5B62133-180B-4A6D-8DFD-709202C5F860}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B7C17E01-BBAF-4788-B05B-8EC39173C781}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe | 
"{C2190D5A-89FA-4633-B4B7-5C4E420D7B94}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{DD45D94C-C9BE-4371-AA7C-0CFFE544C8EF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{DE017049-B22F-47C4-B984-AF15AEE80441}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E8C990F1-7FFF-4BA6-80E8-4756B88E79B8}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{EC49769A-05D9-4EC3-AA50-110E46EF1F98}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{EDA68388-7309-40C6-8222-35A87DDE47C4}" = protocol=17 | dir=in | app=c:\users\D****\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe | 
"{EFB8C8E5-C335-44B3-8CE8-19955D973C33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FA6E1A06-2075-4E47-8585-15B518C8B3D6}" = protocol=6 | dir=in | app=c:\users\D****\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe | 
"TCP Query User{0FE83AC8-B2C8-44D8-8F9D-F757FCF770FE}C:\sun\sdk\jdk\bin\java.exe" = protocol=6 | dir=in | app=c:\sun\sdk\jdk\bin\java.exe | 
"TCP Query User{1E29CCC3-3920-4DCD-950E-2D245530C900}C:\program files\autoit3\autoit3.exe" = protocol=6 | dir=in | app=c:\program files\autoit3\autoit3.exe | 
"TCP Query User{240D411A-8739-47E7-847E-50805D375F21}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{2F7F09B3-1AB1-4D8D-9D03-6949891143B0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{36ACECEC-F244-4E7A-AE74-306D0D12073D}C:\users\D****\desktop\ftp\ftp_upload.exe" = protocol=6 | dir=in | app=c:\users\D****\desktop\ftp\ftp_upload.exe | 
"TCP Query User{38A36891-2158-4AD3-BADD-158A2E890CF6}C:\program files\eclipse_php\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | 
"TCP Query User{39EFAEA7-C332-4F81-AD92-53688F62959C}D:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\mercurymail\mercury.exe | 
"TCP Query User{3A69FBC1-2CF4-4AF9-B47C-31B333CEFEF2}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{4A1211A5-29C3-415D-8BD0-4AFED1BE0BE6}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{4D693D86-2987-4A42-BDAF-BAD0EAA38025}C:\program files\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdmwi.exe | 
"TCP Query User{4ED92FBF-B353-4952-A133-0BF527A628BB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{5748DA28-609A-4D29-80D4-ECBE5BC3D230}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{58A627D3-F900-48A6-ADAB-62855FE8C463}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{5CF2525E-76F0-49A5-BA56-AE2064681B6C}C:\users\D****\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\D****\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe | 
"TCP Query User{6EC2FBFC-52D7-423E-B639-68CCBA02CD43}C:\program files\eclipse_php\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | 
"TCP Query User{7016A29D-2452-401C-9A73-CB98AFCB3CDC}C:\users\D****\desktop\ftp_upload.exe" = protocol=6 | dir=in | app=c:\users\D****\desktop\ftp_upload.exe | 
"TCP Query User{750D225A-937F-4FA2-B0D5-1985E7802AD2}C:\program files\eclipse_java\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_java\eclipse.exe | 
"TCP Query User{785DD3C1-4B36-4949-992F-EE7A716A6878}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{7BBA5D08-873C-4F1B-99A3-ACA2B84130F2}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"TCP Query User{812A91F4-6036-49AA-9E1C-EC7DEB196518}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | 
"TCP Query User{8D7E8862-7354-4A5B-A992-C8C639A58DB3}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{94B7B1B5-5783-4765-8728-522C1B7D01D7}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"TCP Query User{9CE6D2AB-529B-45C4-9580-C958DD0048A9}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{B1A5C141-334B-4432-B0FF-C7E899987D68}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{B66648B6-AA96-42D9-9F48-681026300F50}D:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\mercurymail\mercury.exe | 
"TCP Query User{B6E74307-20ED-4161-84A8-76B499133470}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{C66E6B2A-BC37-4230-B69A-992D979E9C81}C:\users\D****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\D****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{C8FF536F-FD30-4545-BC2F-1124B4A7DE64}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CF10F4BD-1A58-436E-99F0-4972A44226BA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{D50671F9-CDAD-498E-83D8-7E392D7A9925}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{D8CF24C1-2C7E-4A5F-9D8A-A7B37858D034}C:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse.exe | 
"TCP Query User{DD7F8C7B-7639-4280-BE0E-484CEC4C6133}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe | 
"TCP Query User{DFD5B921-D41B-4A28-A2A5-FAEE7F3A18DF}S:\ftp_upload.exe" = protocol=6 | dir=in | app=s:\ftp_upload.exe | 
"TCP Query User{EDDFAD7D-4ED8-4CF6-A337-C41A98F36E6E}D:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"TCP Query User{EF6D0B02-3E68-4894-B6A4-AB11F21417E6}C:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe" = protocol=6 | dir=in | app=c:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe | 
"TCP Query User{FBC27D9D-0715-4339-8608-3ABFE2C35733}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{FFEA5588-0E35-4091-AA72-D145DBC7C631}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{08F4FA9D-FCB7-4F53-B378-E65DE0967133}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | 
"UDP Query User{1313BE65-48DA-442F-A47A-6808D9E1E247}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{2468DAAD-DC98-4754-9515-8654EF29D6D3}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{26E54034-0A57-4380-B55D-7315AF3B1D69}C:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse.exe | 
"UDP Query User{2DC9B90B-BC3C-4547-B543-08B78DA175C8}C:\users\D****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\D****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{3095CB1E-9456-4B4F-AC8F-69B3A00EB18C}C:\users\D****\desktop\ftp\ftp_upload.exe" = protocol=17 | dir=in | app=c:\users\D****\desktop\ftp\ftp_upload.exe | 
"UDP Query User{41297A98-EBC4-4D4B-A910-72C55BEB7861}D:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"UDP Query User{42AB49C0-1487-4535-AFF0-93B78818AB10}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{43E90028-493F-46E9-9434-F57B5881719A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{44F2B339-0837-43A6-87C4-C334D7B4E560}D:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=d:\xampp\mercurymail\mercury.exe | 
"UDP Query User{4E7A0E5E-F8D8-45D0-A78F-37C1D883259E}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{539745CF-799A-4CE5-92ED-1D2848E985AB}S:\ftp_upload.exe" = protocol=17 | dir=in | app=s:\ftp_upload.exe | 
"UDP Query User{55ED0E9B-B8E3-4D99-BD71-7324F7AF4106}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"UDP Query User{58AE65B8-BE52-4B94-98F9-27DFC5EB5C84}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{632A76DF-BAB3-40EB-9F8B-D11FDF75925E}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"UDP Query User{6973628D-06F7-41B3-BEC1-788DC8ABCF37}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{69B0D8B3-AE59-4D42-9373-88228A550CFC}C:\program files\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdmwi.exe | 
"UDP Query User{70B31052-81A2-4D97-A1DE-DC5CEB5107D7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{73785514-9172-4413-A1F6-0A97ECF442EA}C:\users\D****\desktop\ftp_upload.exe" = protocol=17 | dir=in | app=c:\users\D****\desktop\ftp_upload.exe | 
"UDP Query User{782D8478-788B-4240-BC24-DD56678F5C4C}C:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe" = protocol=17 | dir=in | app=c:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe | 
"UDP Query User{7BBB0B3C-F346-4878-AFBF-15793E69C9A0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{84F0DA1C-1ED9-4645-9EB1-D11B84F5811C}C:\program files\eclipse_php\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | 
"UDP Query User{9BF823E1-3DF6-418B-A285-ACF55F7251F7}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{A4113F3C-065A-4038-B3E8-52F8761DB70F}C:\program files\autoit3\autoit3.exe" = protocol=17 | dir=in | app=c:\program files\autoit3\autoit3.exe | 
"UDP Query User{A82F46E7-061D-49F5-BD51-00E20748E9CC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A994E470-B8EF-4427-AD88-B943AABAD702}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{AACC1587-FC6A-492C-9B79-379A7FD8A2D6}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{AD8CB5FD-2803-4B66-9CB7-A04F8E45C194}C:\users\D****\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\D****\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe | 
"UDP Query User{B3142362-6B49-4D27-979A-341FD9599BE2}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{B51EC2D4-E138-422C-B84F-497FC4C20474}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B5BBF6D2-E581-4FCF-A9D5-C6153490352D}D:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=d:\xampp\mercurymail\mercury.exe | 
"UDP Query User{B8FC186F-1038-4230-A588-2DAE6DFE3173}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D5D802F1-24D5-4B85-B1DC-309357259B3B}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{DB902A17-BFE0-43EC-91DA-51B769B8F24C}C:\program files\eclipse_php\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | 
"UDP Query User{E9F6969C-C596-4956-A0B2-61AF1ABA0EB6}C:\program files\eclipse_java\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_java\eclipse.exe | 
"UDP Query User{EA180EC4-B6F3-4423-B483-06434EAFFE1B}C:\sun\sdk\jdk\bin\java.exe" = protocol=17 | dir=in | app=c:\sun\sdk\jdk\bin\java.exe | 
"UDP Query User{F842293A-406A-4FA9-BF52-8D72114DC6B0}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{217B8A26-B479-4361-8771-57E323D6F991}" = EtikettenAssistent 4.0
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0150210}" = J2SE Development Kit 5.0 Update 21
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52C97E71-DC72-4BFC-8F27-3DD60228FBAF}" = FTP-Watchdog
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B077B8C-5942-4341-0001-3BCE3C625DB1}" = Webclip zu mp3 Konverter
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7FC5ACB7-6DA1-4774-0001-2A11ECEB8D31}" = i-Studio 4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F989306B-9287-444F-AE73-E30C7E4AF0F5}" = Battlefield Vietnam: WW2 Mod
"2f55e719" = Contextual Tool Profitmuse
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface
"Application_X_1.0" = JFrameBuilder 3.3.1
"ATI Uninstaller" = ATI Uninstaller
"AutoItv3" = AutoIt v3.3.6.1
"bnpdivwrrkqxmuwep" = Performance Maximizer Profitizeme
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 5.0.0.609
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"DJ Music Mixer" = DJ Music Mixer
"FastStone Capture" = FastStone Capture 5.3
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"FileZilla Client" = FileZilla Client 3.2.4.1
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Free Download Manager_is1" = Free Download Manager 3.0
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla ActiveX Control v1.7.7" = Mozilla ActiveX Control v1.7.7
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.45a
"RollerCoaster Tycoon Setup" = Roll
"Shock 4Way 3D v1.29" = Shock 4Way 3D v1.29
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"TrueCrypt" = TrueCrypt
"Vips_is1" = Vips 1.1
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.8
"xampp" = XAMPP 1.6.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2009 11:03:04 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:04
 
Error - 05.07.2009 11:03:04 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:04
 
Error - 05.07.2009 11:03:05 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:05
 
Error - 05.07.2009 11:03:05 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:05
 
Error - 05.07.2009 11:03:06 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:06
 
Error - 05.07.2009 11:03:06 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:06
 
Error - 05.07.2009 11:03:07 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:07
 
Error - 05.07.2009 11:03:07 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:07
 
Error - 05.07.2009 11:03:08 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:08
 
Error - 05.07.2009 11:03:09 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\SavUI.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte 
Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
 (PID 5900)  Zeit:  Sonntag, 5. Juli 2009  17:03:09
 
[ System Events ]
Error - 05.05.2010 07:47:44 | Computer Name = D****-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
 erwartet, das aber nicht empfangen wurde.
 
Error - 05.05.2010 07:49:35 | Computer Name = D****-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 05.05.2010 07:49:35 | Computer Name = D****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.05.2010 07:49:45 | Computer Name = D****-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 05.05.2010 07:51:24 | Computer Name = D****-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 05.05.2010 07:56:27 | Computer Name = D****-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.05.2010 um 13:54:07 unerwartet heruntergefahren.
 
Error - 05.05.2010 07:55:36 | Computer Name = D****-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
 erwartet, das aber nicht empfangen wurde.
 
Error - 05.05.2010 07:57:24 | Computer Name = D****-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 05.05.2010 07:57:24 | Computer Name = D****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.05.2010 07:57:36 | Computer Name = D****-PC | Source = Service Control Manager | ID = 7026
Description = 
 
[ TuneUp Events ]
Error - 12.04.2010 11:46:40 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 12.04.2010 11:51:16 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 12.04.2010 12:37:28 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 12.04.2010 12:37:33 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 12.04.2010 12:39:03 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 13.04.2010 07:19:11 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 13.04.2010 14:57:34 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 13.04.2010 23:26:10 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 14.04.2010 07:47:29 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 17.04.2010 03:24:56 | Computer Name = D****-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         

Screenshot of the processes: hxxp://img64.imageshack.us/img64/5937/20100505141843.gif


05.05.2010, 16:27   #3
hacki1942

They keep multiplying? o.O
I'd say that instead of continuing to struggle with them, just
reinstall the system.
Because I don't know how long a cleanup would take or
whether it would help at all.
I think it would be faster if you simply reinstalled the system.

05.05.2010, 18:47   #4
dredav

Quote from hacki1942:
They keep multiplying? o.O
I'd say that instead of continuing to struggle with them, just
reinstall the system.
Because I don't know how long a cleanup would take or
whether it would help at all.
I think it would be faster if you simply reinstalled the system.

Well, the thing is, I have no idea how to reinstall, and I don't have a recovery CD either.

05.05.2010, 19:11   #5
dredav

I've now quickly run Malwarebytes as well:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4069

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

05.05.2010 20:10:27
mbam-log-2010-05-05 (20-10-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 122928
Laufzeit: 11 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3479441f-9783-76c9-c150-3269d45a0cd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3479441f-9783-76c9-c150-3269d45a0cd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3479441f-9783-76c9-c150-3269d45a0cd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bnpdivwrrkqxmuwep (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{136e74a4-9153-4ef6-fea5-c6039a817743} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{136e74a4-9153-4ef6-fea5-c6039a817743} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{136e74a4-9153-4ef6-fea5-c6039a817743} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{136e74a4-9153-4ef6-fea5-c6039a817743} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\5782b950.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\bnpdivwrrkqxmuwep.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Windows\System32\scstbfkfgquyzup.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\Temp\vuwp.tmp\svchost.exe (Adware.Agent) -> Quarantined and deleted successfully.
         
I hope something can still be done...


07.05.2010, 13:21   #6
dredav

Hello,

does nobody have a solution/help for me?

Kind regards
David

10.05.2010, 04:47   #7
dredav

***push***
