
All kinds of pests and how to fight them: TR/Dldr.Swizzor.Gen infected system


01.12.2009, 15:23   #1
meetee

TR/Dldr.Swizzor.Gen infected system



Hello,
Antivir reported a find of TR/Dldr.Swizzor.Gen today (in C:\Windows\SysWOW64\pbsvc). Since I have never had any real problems with viruses, I don't quite know what to do and hope someone can tell me whether the trojan is still on my system, because Antivir no longer finds it after I put it into quarantine.

For this I have a HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:24, on 01.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
c:\program files (x86)\avira\antivir desktop\avscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0709&m=ipower_g5630
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0709&m=ipower_g5630
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0709&m=ipower_g5630
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0709&m=ipower_g5630
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{7F811~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{7F811~1\reboot.ini
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell Services - C:\Windows\SYSTEM32\HidService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9409 bytes


1st question: Can one tell from this whether my system is still infected in any form with the virus in question and/or whether others have settled in there? And what is the most sensible way to remove it?

2nd question: Since I know nothing at all about these logs, but compared them with those of other users with the same problem, I noticed that my log quite often says "(file missing)". Does that mean anything?

Many thanks for the effort!
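Added example for the second question, not from the thread and not part of HijackThis: a small Python triage script that parses the "O23 - Service:" lines of a HijackThis v2 log and sorts each service into a bucket. It assumes the line layout seen in the log above (display name, owner, path, optional "(file missing)") and uses six lines copied from that log plus one constructed "Example Updater" line. A service reported missing under C:\Windows\System32 on 64-bit Windows is most likely an artifact of a 32-bit scanner reading the WoW64-redirected directory, whereas a missing file anywhere else (or a file with no company name outside the Windows directories) is the kind of entry worth looking at.

```python
"""Triage the 'O23 - Service:' lines of a HijackThis v2 log (added example)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Display names may themselves contain " - " ("FABS - Helping agent ...") and so may
# paths ("...\Spybot - Search & Destroy\..."), so the path is anchored on the drive
# letter and the owner is taken as the hyphen-free field directly before it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) - (?P<owner>[^-]*?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

# Directories that the WoW64 file-system redirector remaps for 32-bit processes,
# which is why a 32-bit scanner on 64-bit Windows may not see 64-bit-only binaries.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

ARTIFACT = "missing under System32 (likely 32-bit scanner artifact on 64-bit Windows)"
ORPHAN = "missing elsewhere (service points at a file that is really gone)"
UNKNOWN = "present, no company name, outside Windows system dirs (verify)"
OK = "present, owner known"


@dataclass
class ServiceEntry:
    display: str
    owner: str
    path: str
    file_missing: bool

    @property
    def bucket(self) -> str:
        in_sys = self.path.lower().startswith(SYSTEM_DIRS)
        if self.file_missing:
            return ARTIFACT if in_sys else ORPHAN
        if self.owner == "Unknown owner" and not in_sys:
            return UNKNOWN
        return OK


def parse_o23(log_text: str) -> list[ServiceEntry]:
    """Return one ServiceEntry per well-formed O23 line; all other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.rstrip())
        if m:
            entries.append(ServiceEntry(
                display=m["display"], owner=m["owner"], path=m["path"],
                file_missing=m["missing"] is not None))
    return entries


def summarize(entries: list[ServiceEntry]) -> Counter:
    """Count how many services fall into each bucket."""
    return Counter(e.bucket for e in entries)


# Sample input: an O4 line (ignored) and six O23 lines copied from the HijackThis log
# in the first post, plus one constructed line ("Example Updater") for the ORPHAN bucket.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Users\XXX\AppData\Local\Temp\exupd.exe (file missing)
"""

if __name__ == "__main__":
    found = parse_o23(SAMPLE_LOG)
    for entry in found:
        print(f"{entry.bucket:<75} {entry.path}")
    print(summarize(found))
```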

02.12.2009, 12:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hello and

Note: You are using a 64-bit Windows. Many of the "standard programs" we use here as tools for cleaning are NOT compatible with 64-bit Windows, which makes a cleanup harder than it already is.

Please try a run with Malwarebytes and OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

02.12.2009, 13:55   #3
meetee



Hi, so here are the logs from OTL:

OTL.Txt log, part 1:
OTL Extras logfile created on: 02.12.2009 14:31:25 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\XXX\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,51 Gb Total Space | 744,98 Gb Free Space | 81,73% Space Free | Partition Type: NTFS
Drive D: | 700,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX-PC
Current User Name: XXX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = EE CC A6 C2 77 3D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-602752122-2776241754-974533191-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E829B8E5-C74D-48BA-9A49-BBF14B6399BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F29B75-D1E7-41BF-AE63-4E1A25CF52D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0E276F65-9C2F-4A8A-AC3A-CE4B7B0CFBDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1A548311-C8F6-4EA9-AE42-65518E6C5460}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1C56ACA3-F101-4A7C-BE92-BF13C80054FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{21F0B552-BCC9-44CB-A416-67FB5FAD90F8}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{23CC39D8-7247-4F39-B1B4-BC2B45C9B38B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{2BD668AA-AEFD-4FFD-A9F8-2815349566B1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{361D4FC5-AA8C-476D-B092-504BC7C375AF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{37F716F6-1DF6-49FE-9810-EC0C58BBA2E0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{42F5B646-CC6E-4684-9922-94411891E15C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{49E49566-B617-4575-BE7D-697388E39F12}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{56663DAE-2752-4CB6-B0C8-020434A10EB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{5E208E54-0991-49F7-B29D-307C36D57F2A}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{60846560-7FAE-4093-8F5F-473536E1B489}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{622AFE69-4A71-4822-9774-A23B2548DBDD}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{69E949A8-9174-4B2D-850B-12D71EDF1D31}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{6FE9AEE9-5F02-45EA-9CFF-D942F677F356}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{703E8946-F101-4CAC-9A56-AEB5A5675DC1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{74078ECC-306E-4B3E-BC4B-A03AF790BD14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{74AEFA6C-74A2-4281-B4E3-2E44806B1496}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{7E13310D-822D-4E6E-86DC-239AE3F89ADF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{840C222A-FFC9-4759-A312-2680088C8F38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{84FDC143-2895-40B7-9AA7-FD85669D53FF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{8E4A22AB-9801-4734-BCC8-1A8425B3CA16}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{94E0BCE1-EDD7-4A7D-BDC4-72025A06F255}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{962C3C33-AFF2-4E17-B1BC-1FA3170B6645}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{9C33A210-3035-4509-9946-B4D3BB4D66F2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A04E796B-2724-489C-8738-B3852FE897E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A2D91723-FF20-4EBF-97A9-7D52CB8A2A99}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{A67CE2C6-D0A5-4F1E-8513-AF1A483EE92A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AA8FB834-9AD2-4E1A-9100-D6E5C999849F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{BA00B358-830E-41CE-BE3E-F193020C6A7F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BAAFD17C-A8EB-402A-BCCD-829C8EAD29E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BBF8580C-91DD-4F75-B2F9-D4F60D456099}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BEA7CDF2-C1BB-4881-ADFF-A3DCFF72BF2B}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{CACFDD34-E89A-4DF4-8D26-B3256BC6BD15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D4DA7568-95A6-4B74-A99C-B6007A7EC2C0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{D569ABB5-E912-4C8E-8C9F-794005C9286F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{DCE09C00-BB86-472E-ABB7-276161B96269}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{E02A1303-32EA-463D-8417-EA0B33F5F022}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E0C7D906-6468-4FFF-AB87-A7798B8A86F4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{E1E78066-02A9-4286-BB44-7E98C5459571}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{E61D294A-7677-4F9F-8BB9-4A88440AB7AA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{E6C936D5-A5A0-447A-BCAE-5C7C37AF74E1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{E8ECF16F-D5B6-4F21-AF83-C20C8E39B5F0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{EC6E882A-FB4E-4193-805E-763991E59BCE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{EFEF72E0-21E4-49D9-836F-E2C4A40802F1}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{F36248B7-5AB4-4981-A163-C4AD7D05B71D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F4DB5FCC-C9F8-4E92-A925-9AC632B08E35}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{FDC1E1AF-6134-43CB-982B-EEC4EF8F7443}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{FDDB7390-3A1E-4DF4-9F8C-DFF1D57DAA68}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"TCP Query User{0E20C7C7-A0FB-4E17-A884-7DCC192EB4C2}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{131752C5-C164-41BA-88A3-A9B3E90E0000}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{4C6C1754-7766-47D3-8100-86898F28963C}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{4F7EB4A5-BF26-482C-9029-769B8076D060}C:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike source\hl2.exe |
"TCP Query User{D0011FC4-E42D-4C2B-8829-3FE353A39CBE}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{D128A83B-F8EE-46C2-BE3B-404F0F351DA4}C:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike\hl.exe |
"UDP Query User{0477D0AD-3293-4A5C-8C21-A3C8EF3F86A2}C:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike source\hl2.exe |
"UDP Query User{468A9547-0E59-4170-ACAE-70061975FBB9}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"UDP Query User{9C6ED9F3-7752-4D37-9125-1817FA2DDF55}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"UDP Query User{A96928E3-7FC5-4856-BEE6-98548FE76617}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{B4A96E51-2306-49F0-8014-1F4451F79F16}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C59E90D0-94CF-4B49-8889-F400E037F726}C:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{53480440-E3A9-4EE0-A3EF-709DAAA3D2E2}" = O&O Defrag Professional Edition
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

02.12.2009, 13:56   #4
meetee



OTL.Txt log, part 2:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{027eeb61-858e-417a-91ef-52101237bc45}" = Nero 9 Essentials
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{248e4799-db04-4b1a-902c-194669f995ce}" = Nero Move it
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A438F62-00EE-4422-906B-6D9E107FC33F}" = Serif DrawPlus X2
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DCFC564-606E-424F-8A1C-56DD14908AF6}" = Serif PhotoPlus X2
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A5154441-DAF4-49A6-BFEE-DE9B1928DEF0}" = Realtek Ethernet Teaming and VLAN Utility for Windows Vista
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{cb1d6ae7-793d-4066-b5c6-1a77200c45a7}" = Nero Move it Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D87A21CC-34FB-4BD7-AC07-1FB24F39F825}" = Aion
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{defa5390-8533-47b5-81f7-3816916bdc6f}" = Nero Move it Help
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F3CC3463-C6C2-4667-BDAC-BC517A11628F}" = Razer Naga
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4220_Help
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"ALchemy SB MB" = Creative ALchemy (SB MB Edition)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CurseClient" = Curse Client
"ENTERPRISE" = Microsoft Office Enterprise 2007
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InfoCentre" = InfoCentre
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"mufin player D" = mufin player
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Updator" = Updator
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.11.2009 13:25:35 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x4e0, Anwendungsstartzeit 01ca63bd2518f6cb.

Error - 12.11.2009 13:25:43 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x12bc, Anwendungsstartzeit 01ca63bd2963bfdb.

Error - 12.11.2009 13:25:48 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x9b8, Anwendungsstartzeit 01ca63bd2ce98b3b.

Error - 12.11.2009 13:26:01 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0xf14, Anwendungsstartzeit 01ca63bd3431b5cb.

Error - 12.11.2009 13:26:10 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x13f0, Anwendungsstartzeit 01ca63bd39bc03bb.

Error - 12.11.2009 13:26:14 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0xa34, Anwendungsstartzeit 01ca63bd3bfccbfb.

Error - 12.11.2009 13:26:17 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x13ac, Anwendungsstartzeit 01ca63bd3e112d0b.

Error - 12.11.2009 13:26:22 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x1204, Anwendungsstartzeit 01ca63bd412a7afb.

Error - 12.11.2009 13:26:25 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0xc08, Anwendungsstartzeit 01ca63bd43015ddb.

Error - 12.11.2009 13:26:36 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x4e0, Anwendungsstartzeit 01ca63bd492e7b7b.

[ System Events ]
Error - 15.10.2009 08:26:32 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 16.10.2009 06:24:59 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 16.10.2009 06:24:59 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 16.10.2009 07:22:04 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 16.10.2009 07:22:04 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17.10.2009 06:53:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 17.10.2009 06:53:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17.10.2009 19:45:00 | Computer Name = XXX-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -86320 Sekunden
geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal -54000
Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.197.32:123)
funktionsfähig ist.

Error - 18.10.2009 07:04:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 18.10.2009 07:04:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

02.12.2009, 13:57   #5
meetee

Extras.Txt log, part 1:
OTL Extras logfile created on: 02.12.2009 14:31:25 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\XXX\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,51 Gb Total Space | 744,98 Gb Free Space | 81,73% Space Free | Partition Type: NTFS
Drive D: | 700,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX-PC
Current User Name: XXX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = EE CC A6 C2 77 3D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-602752122-2776241754-974533191-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E829B8E5-C74D-48BA-9A49-BBF14B6399BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F29B75-D1E7-41BF-AE63-4E1A25CF52D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0E276F65-9C2F-4A8A-AC3A-CE4B7B0CFBDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1A548311-C8F6-4EA9-AE42-65518E6C5460}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1C56ACA3-F101-4A7C-BE92-BF13C80054FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{21F0B552-BCC9-44CB-A416-67FB5FAD90F8}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{23CC39D8-7247-4F39-B1B4-BC2B45C9B38B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{2BD668AA-AEFD-4FFD-A9F8-2815349566B1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{361D4FC5-AA8C-476D-B092-504BC7C375AF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{37F716F6-1DF6-49FE-9810-EC0C58BBA2E0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{42F5B646-CC6E-4684-9922-94411891E15C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{49E49566-B617-4575-BE7D-697388E39F12}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{56663DAE-2752-4CB6-B0C8-020434A10EB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{5E208E54-0991-49F7-B29D-307C36D57F2A}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{60846560-7FAE-4093-8F5F-473536E1B489}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{622AFE69-4A71-4822-9774-A23B2548DBDD}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{69E949A8-9174-4B2D-850B-12D71EDF1D31}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{6FE9AEE9-5F02-45EA-9CFF-D942F677F356}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{703E8946-F101-4CAC-9A56-AEB5A5675DC1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{74078ECC-306E-4B3E-BC4B-A03AF790BD14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{74AEFA6C-74A2-4281-B4E3-2E44806B1496}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{7E13310D-822D-4E6E-86DC-239AE3F89ADF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{840C222A-FFC9-4759-A312-2680088C8F38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{84FDC143-2895-40B7-9AA7-FD85669D53FF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{8E4A22AB-9801-4734-BCC8-1A8425B3CA16}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{94E0BCE1-EDD7-4A7D-BDC4-72025A06F255}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{962C3C33-AFF2-4E17-B1BC-1FA3170B6645}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{9C33A210-3035-4509-9946-B4D3BB4D66F2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A04E796B-2724-489C-8738-B3852FE897E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A2D91723-FF20-4EBF-97A9-7D52CB8A2A99}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{A67CE2C6-D0A5-4F1E-8513-AF1A483EE92A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AA8FB834-9AD2-4E1A-9100-D6E5C999849F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{BA00B358-830E-41CE-BE3E-F193020C6A7F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BAAFD17C-A8EB-402A-BCCD-829C8EAD29E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BBF8580C-91DD-4F75-B2F9-D4F60D456099}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BEA7CDF2-C1BB-4881-ADFF-A3DCFF72BF2B}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{CACFDD34-E89A-4DF4-8D26-B3256BC6BD15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D4DA7568-95A6-4B74-A99C-B6007A7EC2C0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{D569ABB5-E912-4C8E-8C9F-794005C9286F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{DCE09C00-BB86-472E-ABB7-276161B96269}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{E02A1303-32EA-463D-8417-EA0B33F5F022}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E0C7D906-6468-4FFF-AB87-A7798B8A86F4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{E1E78066-02A9-4286-BB44-7E98C5459571}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{E61D294A-7677-4F9F-8BB9-4A88440AB7AA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{E6C936D5-A5A0-447A-BCAE-5C7C37AF74E1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{E8ECF16F-D5B6-4F21-AF83-C20C8E39B5F0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{EC6E882A-FB4E-4193-805E-763991E59BCE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{EFEF72E0-21E4-49D9-836F-E2C4A40802F1}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{F36248B7-5AB4-4981-A163-C4AD7D05B71D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F4DB5FCC-C9F8-4E92-A925-9AC632B08E35}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{FDC1E1AF-6134-43CB-982B-EEC4EF8F7443}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{FDDB7390-3A1E-4DF4-9F8C-DFF1D57DAA68}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"TCP Query User{0E20C7C7-A0FB-4E17-A884-7DCC192EB4C2}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{131752C5-C164-41BA-88A3-A9B3E90E0000}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{4C6C1754-7766-47D3-8100-86898F28963C}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{4F7EB4A5-BF26-482C-9029-769B8076D060}C:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike source\hl2.exe |
"TCP Query User{D0011FC4-E42D-4C2B-8829-3FE353A39CBE}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{D128A83B-F8EE-46C2-BE3B-404F0F351DA4}C:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike\hl.exe |
"UDP Query User{0477D0AD-3293-4A5C-8C21-A3C8EF3F86A2}C:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike source\hl2.exe |
"UDP Query User{468A9547-0E59-4170-ACAE-70061975FBB9}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"UDP Query User{9C6ED9F3-7752-4D37-9125-1817FA2DDF55}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"UDP Query User{A96928E3-7FC5-4856-BEE6-98548FE76617}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{B4A96E51-2306-49F0-8014-1F4451F79F16}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C59E90D0-94CF-4B49-8889-F400E037F726}C:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gonzo_aag\counter-strike\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{53480440-E3A9-4EE0-A3EF-709DAAA3D2E2}" = O&O Defrag Professional Edition
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver


Last edited by meetee (02.12.2009, 14:05)

02.12.2009, 13:59   #6
meetee

TR/Dldr.Swizzor.Gen infected system

Extras.Txt log, part 2:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{027eeb61-858e-417a-91ef-52101237bc45}" = Nero 9 Essentials
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{248e4799-db04-4b1a-902c-194669f995ce}" = Nero Move it
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A438F62-00EE-4422-906B-6D9E107FC33F}" = Serif DrawPlus X2
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DCFC564-606E-424F-8A1C-56DD14908AF6}" = Serif PhotoPlus X2
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A5154441-DAF4-49A6-BFEE-DE9B1928DEF0}" = Realtek Ethernet Teaming and VLAN Utility for Windows Vista
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{cb1d6ae7-793d-4066-b5c6-1a77200c45a7}" = Nero Move it Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D87A21CC-34FB-4BD7-AC07-1FB24F39F825}" = Aion
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{defa5390-8533-47b5-81f7-3816916bdc6f}" = Nero Move it Help
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F3CC3463-C6C2-4667-BDAC-BC517A11628F}" = Razer Naga
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4220_Help
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"ALchemy SB MB" = Creative ALchemy (SB MB Edition)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CurseClient" = Curse Client
"ENTERPRISE" = Microsoft Office Enterprise 2007
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InfoCentre" = InfoCentre
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"mufin player D" = mufin player
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Updator" = Updator
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.11.2009 13:25:35 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x4e0, Anwendungsstartzeit 01ca63bd2518f6cb.

Error - 12.11.2009 13:25:43 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x12bc, Anwendungsstartzeit 01ca63bd2963bfdb.

Error - 12.11.2009 13:25:48 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x9b8, Anwendungsstartzeit 01ca63bd2ce98b3b.

Error - 12.11.2009 13:26:01 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0xf14, Anwendungsstartzeit 01ca63bd3431b5cb.

Error - 12.11.2009 13:26:10 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x13f0, Anwendungsstartzeit 01ca63bd39bc03bb.

Error - 12.11.2009 13:26:14 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0xa34, Anwendungsstartzeit 01ca63bd3bfccbfb.

Error - 12.11.2009 13:26:17 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x13ac, Anwendungsstartzeit 01ca63bd3e112d0b.

Error - 12.11.2009 13:26:22 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x1204, Anwendungsstartzeit 01ca63bd412a7afb.

Error - 12.11.2009 13:26:25 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0xc08, Anwendungsstartzeit 01ca63bd43015ddb.

Error - 12.11.2009 13:26:36 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aBot.exe, Version 0.0.0.1, Zeitstempel 0x4af06dad,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.1, Zeitstempel 0x488ef6c5, Ausnahmecode
0xc0000417, Fehleroffset 0x0006c955, Prozess-ID 0x4e0, Anwendungsstartzeit 01ca63bd492e7b7b.

[ System Events ]
Error - 15.10.2009 08:26:32 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 16.10.2009 06:24:59 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 16.10.2009 06:24:59 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 16.10.2009 07:22:04 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 16.10.2009 07:22:04 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17.10.2009 06:53:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 17.10.2009 06:53:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17.10.2009 19:45:00 | Computer Name = XXX-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -86320 Sekunden
geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal -54000
Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.197.32:123)
funktionsfähig ist.

Error - 18.10.2009 07:04:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 18.10.2009 07:04:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Last edited by meetee (02.12.2009, 14:04)

02.12.2009, 14:00   #7
meetee

TR/Dldr.Swizzor.Gen infected system

Sorry, I unfortunately had to split it, since otherwise the maximum character limit would have been exceeded. Are these logs sufficient?

02.12.2009, 14:46   #8
meetee

TR/Dldr.Swizzor.Gen infected system

So, here is the Malwarebytes analysis as well:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3275
Windows 6.0.6002 Service Pack 2

02.12.2009 15:45:27
mbam-log-2009-12-02 (15-45-27).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 293646
Laufzeit: 31 minute(s), 52 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
