Trojaner-Board: It started with Antimalware Doctor...

12.04.2010, 18:11   #1
dredav

Hello,

yesterday evening around half past ten I unfortunately caught "Antimalware Doctor". Since then I have been trying to fight the many viruses that are on my PC.

I have already run the two programs several times: "rkill.com" and "Malwarebytes Anti-Malware".

But I have the feeling there are more and more viruses...

I'll post the latest logs:
rkill:
Code:
This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 
Ran as *** on 12.04.2010 at 17:47:39. 

Processes terminated by Rkill or while it was running: 

C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\msfeedssync.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com
C:\Windows\system32\WerFault.exe

Rkill completed on 12.04.2010  at 17:48:13.
         
Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3978

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

12.04.2010 18:08:04
mbam-log-2010-04-12 (18-08-04).txt

Scan type: Quick scan
Objects scanned: 107398
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_voidenvqmdspwx (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\_VOIDenvqmdspwx (Rootkit.TDSS) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\_VOIDaxugupxmtt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDbgsmqdronl.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDctutchvlou.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDenlqxxytht.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDhwnppopefl.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDiutxomiwti.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDjofsqnptbi.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDkdpbmtyhrv.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDpxggtvvkoa.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDpxvrepowcq.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDrfudxtrxby.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDrvebnwpcne.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDryaoxpbnlt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDsuhxrfwvha.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDuofjxprtxt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\_VOIDenvqmdspwx\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDkigymrthei.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDpwikyfmrir.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDuretdvqeov.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDwgelyipbtd.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\_VOIDxlfioolxwk.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\_VOID356d.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
         
The "explorer.exe" process also keeps crashing, and since yesterday evening my Windows security service has been switched off; when I try to switch it on, I always get "The security service could not be started".

I hope you can help me

Kind regards
David
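The Malwarebytes logs in this thread have a regular per-finding format (item, detection name in parentheses, then the action; Winlogon hijacks additionally carry a "Bad: (...) Good: (...)" pair), which makes them easy to triage mechanically. The following Python script is an added example and is not part of the thread or of Malwarebytes. The sample text is constructed from the line formats shown in the logs posted here (user name anonymised as ***), and the function names, the Finding record and the pending/extras classification are my own.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines in the format of the Malwarebytes' Anti-Malware
# 1.x logs posted in this thread (user name anonymised as ***). Not a real log.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_voidenvqmdspwx (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\users\***\appdata\roaming\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe bnis.mxo yfklng) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\***\AppData\Roaming\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Files Infected:
C:\Users\***\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\Windows\System32\_VOIDaxugupxmtt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
"""

# <item> (<detection>) -> <rest>, where <rest> is either the plain action,
# a "Bad: (...) Good: (...) -> <action>" hijack record, or "Data: ... -> <action>".
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+?)\.?$")
HIJACK_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$")
DATA_RE = re.compile(r"^Data: (?P<data>.+) -> (?P<action>.+)$")


@dataclass
class Finding:
    section: str
    item: str                   # registry key/value or file path
    detection: str              # detection name, e.g. Rootkit.TDSS
    action: str                 # "No action taken", "Quarantined and deleted successfully", ...
    bad: Optional[str] = None   # hijack records: value found on the machine
    good: Optional[str] = None  # hijack records: value Malwarebytes expects
    data: Optional[str] = None  # "Data:" records: the registry value's data


def parse_mbam_log(text: str) -> List[Finding]:
    """Parse the per-finding lines of an MBAM 1.x log into Finding records."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if not m:                       # "(No malicious items detected)" etc.
            continue
        item, detection, rest = m.group("item", "detection", "rest")
        bad = good = data = None
        h = HIJACK_RE.match(rest)
        d = DATA_RE.match(rest)
        if h:
            bad, good, action = h.group("bad", "good", "action")
        elif d:
            data, action = d.group("data", "action")
        else:
            action = rest
        findings.append(Finding(section, item, detection, action, bad, good, data))
    return findings


def pending(findings: List[Finding]) -> List[Finding]:
    """Findings the scan only reported: nothing was quarantined or deleted."""
    return [f for f in findings if f.action == "No action taken"]


def count_by_detection(findings: List[Finding]) -> Counter:
    return Counter(f.detection for f in findings)


def _entries(value: str) -> List[str]:
    # Shell is space-separated, Userinit comma-separated; compare by basename,
    # case-insensitively, because Windows paths are case-insensitive.
    return [ntpath.basename(p).lower() for p in re.split(r"[,\s]+", value) if p]


def winlogon_extras(findings: List[Finding]) -> Dict[str, List[str]]:
    """For hijacked Winlogon Shell / Userinit values, the entries present in the
    Bad: value but absent from the Good: one, i.e. what Winlogon would start at
    logon besides the legitimate Explorer / Userinit."""
    extras: Dict[str, List[str]] = {}
    for f in findings:
        if f.bad is None or f.good is None or "\\Winlogon\\" not in f.item:
            continue
        expected = set(_entries(f.good))
        name = f.item.rsplit("\\", 1)[-1]
        extras[name] = [e for e in _entries(f.bad) if e not in expected]
    return extras


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} findings, {len(pending(found))} still pending")
    for name, count in count_by_detection(found).most_common():
        print(f"  {count:2d}  {name}")
    for value, extra in winlogon_extras(found).items():
        print(f"Winlogon\\{value} launches extra: {', '.join(extra)}")
```

In MBAM 1.x, "No action taken" is what a scan produces when its findings were not removed, so a log full of such lines documents the infection but has not changed the machine; the Winlogon Shell and Userinit values are worth reading even after a successful cleanup, because anything listed there beyond Explorer.exe and userinit.exe runs at every logon, and restoring the values is what actually removes the persistence.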

13.04.2010, 12:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello,

Please run a full scan with Malwarebytes and post the log. Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

14.04.2010, 16:35   #3
dredav

Hello,

Here is the Malwarebytes scan; the OTL one follows:

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3978

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

14.04.2010 16:31:23
mbam-log-2010-04-14 (16-31-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 360614
Time elapsed: 3 hour(s), 35 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\users\***\appdata\roaming\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe bnis.mxo yfklng) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\***\AppData\Roaming\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F864BKP6\update[1].exe (Spyware.Zbot) -> No action taken.
C:\Users\***\AppData\Local\Temp\pdfupd.exe (Spyware.Zbot) -> No action taken.
C:\Users\***\AppData\Local\Temp\A6B6.tmp (Spyware.Zbot) -> No action taken.
C:\Users\***\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\Windows\System32\bnis.mxo (Backdoor.Bot) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8X230067\update[1].exe (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\3F04.tmp (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\3F71.tmp (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\9932.tmp (Backdoor.Bot) -> No action taken.
C:\Windows\System32\qtplugin.exe (Rootkit.Agent) -> No action taken.
         
What should I do? Click "Remove Selected" in Malwarebytes?

OTL:

Extras.txt
Code:
OTL Extras logfile created on: 14.04.2010 16:37:09 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,81 Gb Total Space | 6,71 Gb Free Space | 2,92% Space Free | Partition Type: NTFS
Drive D: | 229,11 Gb Total Space | 119,09 Gb Free Space | 51,98% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,63 Gb Total Space | 77,17 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DAVIDSPC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EE2A1E-7F20-443B-8739-1E9F8081FEC1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{0A09C6F9-0163-4DC1-AFF1-0862CB983110}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1379DD78-D7B9-478A-B0F0-3650C7C59129}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{16AFF1F0-43FB-4CDA-8B37-A2C729AC09A9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{17593071-F416-4ECE-B2D2-8ACB33922866}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{1CD038EE-98AB-445B-BCF8-4E1159D18CE0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2465CFA6-D304-49B5-B96B-9F77CEBA7A01}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{256BC22C-90A4-4ADE-9B6B-8837720E69F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{25CE8382-7873-4B6B-A0C4-A555E79E0657}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C35F106-6D47-442D-B23E-63AE97106D00}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{3253E367-23DA-4350-819C-79D44D107EFF}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{3F7D3FB4-49F4-48F1-BD8D-DB6E8195FE1A}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{4048701D-5C0D-4B7B-9737-D86B7E6809E2}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{43F20B8C-D4AC-425E-9F30-1EEC2CF7AF66}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{459F4031-FAC4-46CC-AC5D-04F68150F20C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B6B5258-20EC-48A5-81B4-9573243B10B2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{5240F548-9701-4E31-91C2-72C8F49863F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58DF95CB-C9D0-461A-9D4A-05D933D2350E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6638E1D8-BB5C-4AC0-B742-AA32F882F8C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{667E89E5-BDDD-4674-9C0B-3DB47DCD6246}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{68CE27F4-F25A-4D4B-962C-4AC111203ADF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{69BF0E1B-C4A8-446D-BBD4-FFBC05CD9AE9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{713531E6-286A-4C3B-925D-CA091D8EE48D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{762B721F-4F0F-4EF9-A5FC-FAF14FFD4841}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{7A233807-82F2-4D80-AF72-FD943DB0FED0}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{7F5ED039-6784-4024-9FA3-30E112840009}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8017D61C-6745-4CBF-8FD1-318D94A0E385}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{8B656A4D-D706-4C17-9565-5261987B7764}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{94F79589-FEE1-4600-8C05-C38DFAC3709B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{A34E16B2-EA6A-424C-99B4-822809012A90}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{A751F8E7-DA58-4B43-B648-A0CBF1BBDE33}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{B08E3A34-A3C8-4C49-BD9E-AC4A96761FEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B14A5A55-42D5-47E8-8549-B9354DAFCF30}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CE50F26A-B42D-4B82-8F2B-38CFCDF8EB6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D3087E8E-E87A-4FA5-A12C-CA25D5644A05}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D7F4E072-A9F5-417D-AED0-0EDCE3448628}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{DAE8F91F-95A3-469A-8CD3-D0AD4E6A94DA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{DC67F8BB-AE4F-455B-A5F9-9DFFD14846B9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{E540F1F2-4817-470A-805E-B3840E02DDF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E7C9E8AC-A0AD-40D5-9CC6-277CBF607DCA}" = lport=57976 | protocol=6 | dir=in | name=akamai netsession interface | 
"{EC7A9E08-0154-4020-A73C-A7055DBB48A5}" = lport=59970 | protocol=6 | dir=in | name=akamai netsession interface | 
"{FC56C63D-6A18-4407-875F-20CDAC2F591D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FFCF2230-ED96-4C41-B9B9-2D8F33717F9E}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5792F9-5A3C-4BE5-8400-9779F45BB1A5}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{14799621-F344-46FC-A273-0FE3BAD5C35A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{15E3526F-B238-43E1-A5DE-AB6CD4DACDF0}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe | 
"{1682F178-1A2E-42C0-9D30-93E449BB34C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18D9C22E-C60C-46AA-9C68-ADC12B03EF49}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{1AB8B39F-D9BD-40CE-9FA2-74E548EFF867}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2825C47E-B280-4CE5-A860-61596C7017B2}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{2A5C9940-44AF-41B2-A17D-62F2A05D6196}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{2DA401AB-1E12-44BB-A8DE-A30D42E16F1B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{3C3DB1FA-3B18-4546-8DD2-0A7DEADA9504}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{410A7BE2-1CE5-40FF-82DE-184F77E880AA}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{48855CBD-C253-4C7D-9A9A-579DB07FFF02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{48B25F86-353D-4635-9AE3-A8DDBF375E05}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{4CBED3B5-72A8-4CDB-ADF2-A74361BF4D59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{518F4446-0388-42E4-9274-F42683661ADA}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{55DB299D-57DC-4011-81C3-B0FF0E2B6EC5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{566F5AC6-C549-4D61-9DCB-AD54A7D9AE96}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{5FC1BE43-C5EB-4314-B79D-4EBD9C125EE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6426E837-D814-41B1-9FE7-2463BDD8CD16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6699E87D-3AAB-43C3-966F-6C0D4C3090CC}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | 
"{6989DD07-E1D3-4B5D-AA77-417652B681C4}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | 
"{6B89A43F-25B4-4E8E-AD38-2E8CFE0F3201}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{702FACE1-6F8F-4BF8-B640-2AE1EA275829}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{736D5BF6-D440-427D-9999-30EC8C660764}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73A94B25-E83C-41DC-AE5C-B07E8C53B58F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{77B53372-A875-4511-8D0F-B05A0926865D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F49931B-C181-4124-9067-13D75D0D5F0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85785B36-FD02-4CB1-9A9E-BA90E2E7AFF4}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{912E21DB-9B38-47A9-970E-9201DB9256A6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | 
"{92946682-A2EF-4C1B-BB3C-3FFE1586663D}" = protocol=6 | dir=out | app=system | 
"{94FC8C0C-16A9-431D-92FE-DA24192410FB}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe | 
"{9CAF373E-90C0-4F88-B63A-5A6C1C7329F8}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A8AC6FC2-8DE8-45B5-A6F4-284C375BDB50}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{ACF60C3C-39EA-4D78-BAD8-86689B265FEA}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AD8D4707-90FE-4427-9C02-5E15FD294272}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe | 
"{B0558042-4221-4FD0-B69A-429DF6A1758D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B152572B-AA70-48A3-84A2-7F06C824B4AB}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | 
"{B5B62133-180B-4A6D-8DFD-709202C5F860}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B7C17E01-BBAF-4788-B05B-8EC39173C781}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe | 
"{C2190D5A-89FA-4633-B4B7-5C4E420D7B94}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{DD45D94C-C9BE-4371-AA7C-0CFFE544C8EF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{DE017049-B22F-47C4-B984-AF15AEE80441}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E8C990F1-7FFF-4BA6-80E8-4756B88E79B8}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{EC49769A-05D9-4EC3-AA50-110E46EF1F98}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{EDA68388-7309-40C6-8222-35A87DDE47C4}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe | 
"{EFB8C8E5-C335-44B3-8CE8-19955D973C33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FA6E1A06-2075-4E47-8585-15B518C8B3D6}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\905ltwad.rex\hxogp4mn.n6o\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe | 
"TCP Query User{1E29CCC3-3920-4DCD-950E-2D245530C900}C:\program files\autoit3\autoit3.exe" = protocol=6 | dir=in | app=c:\program files\autoit3\autoit3.exe | 
"TCP Query User{240D411A-8739-47E7-847E-50805D375F21}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{2F7F09B3-1AB1-4D8D-9D03-6949891143B0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{36ACECEC-F244-4E7A-AE74-306D0D12073D}C:\users\***\desktop\ftp\ftp_upload.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\ftp\ftp_upload.exe | 
"TCP Query User{38A36891-2158-4AD3-BADD-158A2E890CF6}C:\program files\eclipse_php\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | 
"TCP Query User{39EFAEA7-C332-4F81-AD92-53688F62959C}D:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\mercurymail\mercury.exe | 
"TCP Query User{3A69FBC1-2CF4-4AF9-B47C-31B333CEFEF2}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{4A1211A5-29C3-415D-8BD0-4AFED1BE0BE6}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{4D693D86-2987-4A42-BDAF-BAD0EAA38025}C:\program files\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdmwi.exe | 
"TCP Query User{4ED92FBF-B353-4952-A133-0BF527A628BB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{5748DA28-609A-4D29-80D4-ECBE5BC3D230}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{58A627D3-F900-48A6-ADAB-62855FE8C463}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{5CF2525E-76F0-49A5-BA56-AE2064681B6C}C:\users\***\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe | 
"TCP Query User{6EC2FBFC-52D7-423E-B639-68CCBA02CD43}C:\program files\eclipse_php\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | 
"TCP Query User{7016A29D-2452-401C-9A73-CB98AFCB3CDC}C:\users\***\desktop\ftp_upload.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\ftp_upload.exe | 
"TCP Query User{750D225A-937F-4FA2-B0D5-1985E7802AD2}C:\program files\eclipse_java\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse_java\eclipse.exe | 
"TCP Query User{785DD3C1-4B36-4949-992F-EE7A716A6878}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{7BBA5D08-873C-4F1B-99A3-ACA2B84130F2}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"TCP Query User{812A91F4-6036-49AA-9E1C-EC7DEB196518}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | 
"TCP Query User{8D7E8862-7354-4A5B-A992-C8C639A58DB3}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{94B7B1B5-5783-4765-8728-522C1B7D01D7}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"TCP Query User{9CE6D2AB-529B-45C4-9580-C958DD0048A9}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{B1A5C141-334B-4432-B0FF-C7E899987D68}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{B66648B6-AA96-42D9-9F48-681026300F50}D:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\mercurymail\mercury.exe | 
"TCP Query User{B6E74307-20ED-4161-84A8-76B499133470}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{C66E6B2A-BC37-4230-B69A-992D979E9C81}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{C8FF536F-FD30-4545-BC2F-1124B4A7DE64}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CF10F4BD-1A58-436E-99F0-4972A44226BA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{D50671F9-CDAD-498E-83D8-7E392D7A9925}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{D8CF24C1-2C7E-4A5F-9D8A-A7B37858D034}C:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse.exe | 
"TCP Query User{DD7F8C7B-7639-4280-BE0E-484CEC4C6133}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe | 
"TCP Query User{DFD5B921-D41B-4A28-A2A5-FAEE7F3A18DF}S:\ftp_upload.exe" = protocol=6 | dir=in | app=s:\ftp_upload.exe | 
"TCP Query User{EDDFAD7D-4ED8-4CF6-A337-C41A98F36E6E}D:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"TCP Query User{EF6D0B02-3E68-4894-B6A4-AB11F21417E6}C:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe" = protocol=6 | dir=in | app=c:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe | 
"TCP Query User{FBC27D9D-0715-4339-8608-3ABFE2C35733}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{FFEA5588-0E35-4091-AA72-D145DBC7C631}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{08F4FA9D-FCB7-4F53-B378-E65DE0967133}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | 
"UDP Query User{1313BE65-48DA-442F-A47A-6808D9E1E247}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{2468DAAD-DC98-4754-9515-8654EF29D6D3}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{26E54034-0A57-4380-B55D-7315AF3B1D69}C:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse.exe | 
"UDP Query User{2DC9B90B-BC3C-4547-B543-08B78DA175C8}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{3095CB1E-9456-4B4F-AC8F-69B3A00EB18C}C:\users\***\desktop\ftp\ftp_upload.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ftp\ftp_upload.exe | 
"UDP Query User{41297A98-EBC4-4D4B-A910-72C55BEB7861}D:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"UDP Query User{42AB49C0-1487-4535-AFF0-93B78818AB10}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{43E90028-493F-46E9-9434-F57B5881719A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{44F2B339-0837-43A6-87C4-C334D7B4E560}D:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=d:\xampp\mercurymail\mercury.exe | 
"UDP Query User{4E7A0E5E-F8D8-45D0-A78F-37C1D883259E}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{539745CF-799A-4CE5-92ED-1D2848E985AB}S:\ftp_upload.exe" = protocol=17 | dir=in | app=s:\ftp_upload.exe | 
"UDP Query User{55ED0E9B-B8E3-4D99-BD71-7324F7AF4106}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"UDP Query User{58AE65B8-BE52-4B94-98F9-27DFC5EB5C84}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{632A76DF-BAB3-40EB-9F8B-D11FDF75925E}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"UDP Query User{6973628D-06F7-41B3-BEC1-788DC8ABCF37}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{69B0D8B3-AE59-4D42-9373-88228A550CFC}C:\program files\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdmwi.exe | 
"UDP Query User{70B31052-81A2-4D97-A1DE-DC5CEB5107D7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{73785514-9172-4413-A1F6-0A97ECF442EA}C:\users\***\desktop\ftp_upload.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ftp_upload.exe | 
"UDP Query User{782D8478-788B-4240-BC24-DD56678F5C4C}C:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe" = protocol=17 | dir=in | app=c:\program files\tools&more\ftp-watchdog\ftp-watchdog.exe | 
"UDP Query User{7BBB0B3C-F346-4878-AFBF-15793E69C9A0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{84F0DA1C-1ED9-4645-9EB1-D11B84F5811C}C:\program files\eclipse_php\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | 
"UDP Query User{9BF823E1-3DF6-418B-A285-ACF55F7251F7}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{A4113F3C-065A-4038-B3E8-52F8761DB70F}C:\program files\autoit3\autoit3.exe" = protocol=17 | dir=in | app=c:\program files\autoit3\autoit3.exe | 
"UDP Query User{A82F46E7-061D-49F5-BD51-00E20748E9CC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A994E470-B8EF-4427-AD88-B943AABAD702}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{AACC1587-FC6A-492C-9B79-379A7FD8A2D6}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{AD8CB5FD-2803-4B66-9CB7-A04F8E45C194}C:\users\***\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe | 
"UDP Query User{B3142362-6B49-4D27-979A-341FD9599BE2}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{B51EC2D4-E138-422C-B84F-497FC4C20474}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B5BBF6D2-E581-4FCF-A9D5-C6153490352D}D:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=d:\xampp\mercurymail\mercury.exe | 
"UDP Query User{B8FC186F-1038-4230-A588-2DAE6DFE3173}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D5D802F1-24D5-4B85-B1DC-309357259B3B}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{DB902A17-BFE0-43EC-91DA-51B769B8F24C}C:\program files\eclipse_php\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_php\eclipse.exe | 
"UDP Query User{E9F6969C-C596-4956-A0B2-61AF1ABA0EB6}C:\program files\eclipse_java\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse_java\eclipse.exe | 
"UDP Query User{F842293A-406A-4FA9-BF52-8D72114DC6B0}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{217B8A26-B479-4361-8771-57E323D6F991}" = EtikettenAssistent 4.0
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0150210}" = J2SE Development Kit 5.0 Update 21
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52C97E71-DC72-4BFC-8F27-3DD60228FBAF}" = FTP-Watchdog
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}" = Dir-It!
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B077B8C-5942-4341-0001-3BCE3C625DB1}" = Webclip zu mp3 Konverter
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7FC5ACB7-6DA1-4774-0001-2A11ECEB8D31}" = i-Studio 4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1" = PDFTigerDriver
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B01CB0F0-63C0-431D-9497-87B9B4131E9D}" = Ski Racing 2006 Demo
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{DE252510-5687-4C60-A705-C43E19F12C9D}_is1" = PDFTiger Kernel
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2981339-823E-4C62-9C6F-6733BAEE9EF5}" = Paragon Festplatten Manager 2009 Kompakt
"{F989306B-9287-444F-AE73-E30C7E4AF0F5}" = Battlefield Vietnam: WW2 Mod
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface
"ATI Uninstaller" = ATI Uninstaller
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 5.0.0.609
"CCleaner" = CCleaner
"Clickster162" = Clickster
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DJ Music Mixer" = DJ Music Mixer
"FastStone Capture" = FastStone Capture 5.3
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"FileZilla Client" = FileZilla Client 3.2.4.1
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Free Download Manager_is1" = Free Download Manager 3.0
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HijackThis" = HijackThis 2.0.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"Island Wars_is1" = Island Wars v1.20
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"KraMixer DJ Software_is1" = KraMixer DJ Software 1.0.3.3
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mein Pferdehof_is1" = Mein Pferdehof 1.0
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"Mixxx" = Mixxx 1.7.2
"Mozilla ActiveX Control v1.7.7" = Mozilla ActiveX Control v1.7.7
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.45a
"Need for Speed High Stakes" = Need for Speed
"PDFTiger_is1" = PDFTiger
"RollerCoaster Tycoon Setup" = Roll
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Vips_is1" = Vips 1.1
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.8
"xampp" = XAMPP 1.6.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.07.2009 06:44:48 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\Rtvscan.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:48
 
Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Common
 Files\Symantec Shared\ccSvcHst.exe  Ereignisinfo:  Informationen festlegen Vorgang
Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:49
 
Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\DefWatch.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:49
 
Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\Rtvscan.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:49
 
Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Common
 Files\Symantec Shared\ccSvcHst.exe  Ereignisinfo:  Informationen festlegen Vorgang
Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:49
 
Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\DefWatch.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:49
 
Error - 09.07.2009 06:44:49 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\Rtvscan.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:49
 
Error - 09.07.2009 06:44:50 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Common
 Files\Symantec Shared\ccSvcHst.exe  Ereignisinfo:  Informationen festlegen Vorgang
Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:50
 
Error - 09.07.2009 06:44:50 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\DefWatch.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:50
 
Error - 09.07.2009 06:44:50 | Computer Name = Dreher01 | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG    Ziel:  C:\Program Files\Symantec
 AntiVirus\Rtvscan.exe  Ereignisinfo:  Informationen festlegen Vorgang  Durchgeführte
 Aktion:  Blockiert  Angreifender Prozess:  C:\Program Files\EA GAMES\Battlefield 
2\BF2.exe (PID 5216)  Zeit:  Donnerstag, 9. Juli 2009  12:44:50
 
[ System Events ]
Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "ACER" aus.
 
Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "ACER" aus.
 
Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "ACER" aus.
 
Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "ACER" aus.
 
Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "C:" aus.
 
Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "C:" aus.
 
Error - 13.04.2010 15:48:29 | Computer Name = DavidsPC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "ACER" aus.
 
Error - 13.04.2010 23:25:58 | Computer Name = DavidsPC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 13.04.2010 23:25:57 | Computer Name = DavidsPC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
 erwartet, das aber nicht empfangen wurde.
 
Error - 14.04.2010 07:47:24 | Computer Name = DavidsPC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
 erwartet, das aber nicht empfangen wurde.
 
[ TuneUp Events ]
Error - 12.04.2010 00:18:03 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 06:18:03', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','4836',0)
 
Error - 12.04.2010 09:56:58 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 15:56:58', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','2776',0)
 
Error - 12.04.2010 11:46:40 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 17:46:40', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','4316',0)
 
Error - 12.04.2010 11:51:16 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 17:51:16', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','1328',0)
 
Error - 12.04.2010 12:37:28 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 18:37:28', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','4580',0)
 
Error - 12.04.2010 12:37:33 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 18:37:33', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','5656',0)
 
Error - 12.04.2010 12:39:03 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-12 18:39:03', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','4456',0)
 
Error - 13.04.2010 07:19:11 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-13 13:19:11', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','5608',0)
 
Error - 13.04.2010 14:57:34 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-13 20:57:34', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','2360',0)
 
Error - 13.04.2010 23:26:10 | Computer Name = DavidsPC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-14 05:26:10', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\test123.exe','2360',1)
 
 
< End of report >
         
__________________

Last edited by dredav (14.04.2010 at 17:12)
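Added example (editor's code, not part of any post in this thread). The firewall section of the OTL log above lists "Query User" rules, the inbound exceptions Windows Firewall creates when a user clicks Allow on its prompt, and several of them point at executables in a temp directory, in the user profile or in the root of a drive (igd_finder.exe under AppData\Local\Temp, ftp_upload.exe on the Desktop and on S:). Windows Firewall matches program rules by path, so such a rule outlives the file it was created for and covers whatever is later placed at that path, which makes them worth listing during triage. The script parses lines in OTL's rule format and flags the inbound rules whose target lives in one of those locations; the sample lines are constructed copies of rules from the log, and the location categories are the editor's own.

```python
import re

# Constructed sample in OTL's firewall-rule format, copied from the rules in
# the log above (the username is redacted as *** there as well).
SAMPLE_RULES = r'''
"TCP Query User{C66E6B2A-BC37-4230-B69A-992D979E9C81}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{C8FF536F-FD30-4545-BC2F-1124B4A7DE64}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{EDDFAD7D-4ED8-4CF6-A337-C41A98F36E6E}D:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"UDP Query User{3095CB1E-9456-4B4F-AC8F-69B3A00EB18C}C:\users\***\desktop\ftp\ftp_upload.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ftp\ftp_upload.exe | 
"UDP Query User{539745CF-799A-4CE5-92ED-1D2848E985AB}S:\ftp_upload.exe" = protocol=17 | dir=in | app=s:\ftp_upload.exe | 
'''

# One rule per line: "<name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTOCOLS = {"6": "TCP", "17": "UDP"}


def parse_rules(text):
    """Yield (rule name, {field: value}) for every rule line in OTL format."""
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue
        fields = {}
        for part in match.group("body").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.strip().lower()] = value.strip()
        yield match.group("name"), fields


def location_concern(app_path):
    """Editor's categories for where an allowed program lives; None if unremarkable."""
    p = app_path.lower().replace("/", "\\")
    if "\\temp\\" in p or "\\tmp\\" in p:
        return "temp directory"
    if "\\appdata\\" in p:
        return "AppData"
    if p.startswith("c:\\users\\") or "\\desktop\\" in p:
        return "user profile"
    drive, sep, rest = p.partition(":\\")
    if sep and "\\" not in rest:
        return "drive root"
    return None


def triage_firewall_rules(text):
    """Return the inbound exceptions whose target lives in a flagged location."""
    findings = []
    for name, fields in parse_rules(text):
        app = fields.get("app")
        if not app or fields.get("dir") != "in":
            continue
        concern = location_concern(app)
        if concern is None:
            continue
        findings.append({
            "rule": name,
            "protocol": PROTOCOLS.get(fields.get("protocol"), fields.get("protocol")),
            "app": app,
            "concern": concern,
        })
    return findings


if __name__ == "__main__":
    for f in triage_firewall_rules(SAMPLE_RULES):
        print(f"{f['protocol']:<4} {f['concern']:<15} {f['app']}")
```

Feed it the whole firewall section of an OTL log and it prints the rules to look at first; a flagged rule is not proof of anything by itself (the igd_finder.exe entry, for instance, sits in an InstallShield temp folder), but every stale path-based exception is one more thing a later file at that path inherits.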
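Added example (editor's code, not part of any post in this thread). The TuneUp Program Statistics events at the end of the log show an INSERT whose values were spliced into the SQL text as string literals; the apostrophe in the path "Malwarebytes' Anti-Malware" ends the literal early, and the next token, "anti", is exactly what the logged syntax error complains about. The script reproduces that with Python's sqlite3 module (the wording "near ... syntax error" is SQLite's, so the assumption here is that TuneUp's statistics store is SQLite), shows the parameterized form that stores the same path intact, and then feeds the concatenating version a constructed file name to show the general consequence of that construction: the input gets to decide the other columns. The table name and columns come from the logged statement; the schema types, the helper names and the forged path are assumptions.

```python
import sqlite3

# Path and statement shape taken from the TuneUp Program Statistics events in
# the OTL log above; the column types are an assumption, only the names are logged.
MBAM_PATH = r"\device\harddiskvolume2\program files\malwarebytes' anti-malware\test123.exe"
SCHEMA = "CREATE TABLE ActiveApps (Started TEXT, Exe TEXT, ProcID TEXT, Resumed INTEGER)"
INSERT_PARAM = "INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES (?, ?, ?, ?)"


def insert_concatenated(conn, started, exe, pid, resumed):
    """The construction the log shows: values spliced into the SQL text."""
    sql = ("INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES "
           f"('{started}', '{exe}','{pid}',{resumed})")
    conn.execute(sql)


def insert_parameterized(conn, started, exe, pid, resumed):
    """Hardened form: the driver binds the values, so quotes in them stay data."""
    conn.execute(INSERT_PARAM, (started, exe, pid, resumed))


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def reproduce_logged_error():
    """Run the logged path through the concatenating INSERT; return SQLite's error text."""
    conn = fresh_db()
    try:
        insert_concatenated(conn, "2010-04-12 06:18:03", MBAM_PATH, "4836", 0)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


def store_with_binding():
    """Same path through the parameterized INSERT; return the stored row."""
    conn = fresh_db()
    insert_parameterized(conn, "2010-04-12 06:18:03", MBAM_PATH, "4836", 0)
    return conn.execute("SELECT Exe, ProcID, Resumed FROM ActiveApps").fetchone()


# Constructed file name (not from the log): it closes the literal and the VALUES
# list itself, then comments out the remainder of the statement with "--".
FORGED_PATH = r"c:\temp\x.exe', '9999', 1) -- "


def forge_row():
    """Why the logged error matters: the path now decides ProcID and Resumed."""
    conn = fresh_db()
    insert_concatenated(conn, "2010-04-12 06:18:03", FORGED_PATH, "4836", 0)
    return conn.execute("SELECT Exe, ProcID, Resumed FROM ActiveApps").fetchone()


if __name__ == "__main__":
    print("concatenated:", reproduce_logged_error())
    print("parameterized:", store_with_binding())
    print("forged:", forge_row())
```

The first call fails with the same message as the event log; the second stores the path with its apostrophe; the third succeeds and records a process ID that never existed. A file name is attacker-controlled input like any other, and the only fix that holds is binding the values, not escaping the quote.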

14.04.2010, 16:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Yes, please remove all of it!!
After that, please do a run with CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (board helper) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


14.04.2010, 17:13   #5
dredav
 
OTL.txt
Code:
ATTFilter
OTL logfile created on: 14.04.2010 16:37:04 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,81 Gb Total Space | 6,71 Gb Free Space | 2,92% Space Free | Partition Type: NTFS
Drive D: | 229,11 Gb Total Space | 119,09 Gb Free Space | 51,98% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,63 Gb Total Space | 77,17 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DAVIDSPC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\test123.exe (Malwarebytes Corporation)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\QIP Infium\infium.exe (QIP)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - d:\xampp\mysql\bin\mysqld-nt.exe ()
PRC - D:\xampp\apache\bin\apache.exe (Apache Software Foundation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Weaverslave\weaversl.exe (subjective reality)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (RoxLiveShare9) --  File not found
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3653.dll ()
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (B-Service) -- C:\Users\***\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (mysql) -- d:\xampp\mysql\bin\mysqld-nt.exe ()
SRV - (Apache2.2) -- D:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100408.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100408.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\vboxnetadp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\vboxusb.sys (Sun Microsystems, Inc.)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\dsltestsp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\e1g60i32.sys (Intel Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = h**p://de.rd.yahoo.com/customize/ycomp/defaults/sp/*h**p://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = h**p://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "h**p://www.google.de/search?hl=de&btnG=Suche&meta=&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "h**p://www.christus-portal.net/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..keyword.URL: "h**p://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 00:28:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 00:28:04 | 000,000,000 | ---D | M]
 
[2009.11.23 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.11.23 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2010.04.13 16:49:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions
[2010.03.17 06:25:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009.09.03 18:37:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.26 19:14:45 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.02.22 20:09:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.01.19 06:39:32 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.03.31 05:27:33 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.02.19 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.03.29 19:10:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\twitternotifier@naan.net
[2010.04.11 21:03:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.09.24 20:55:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
[2008.06.18 15:11:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org
[2010.03.14 20:22:17 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 20:22:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 20:22:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 20:22:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 20:22:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\test123.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\test123.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RegistryMonitor1] C:\Windows\System32\qtplugin.exe ()
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://maxdomeaccount.1und1.de/presentation/script/HWTest.CAB (HWTest.HWTestControl)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} h**p://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} h**p://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) -  File not found
O20 - HKLM Winlogon: Shell - (bnis.mxo) - C:\Windows\System32\bnis.mxo ()
O20 - HKLM Winlogon: Shell - (yfklng) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\***\AppData\Roaming\sdra64.exe) - C:\Users\***\AppData\Roaming\sdra64.exe ()
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 18:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{44462aac-3261-11dd-be1d-001c253200eb}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{896f6dc2-2250-11dd-8142-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{896f6dc2-2250-11dd-8142-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{bc3d89bc-6556-11dd-b14d-001c253200eb}\Shell - "" = AutoRun
O33 - MountPoints2\{bc3d89bc-6556-11dd-b14d-001c253200eb}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.13 15:57:05 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\lowsec
[2010.04.13 13:18:11 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.04.12 18:15:12 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.12 18:15:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.11 22:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.04.11 22:52:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.11 22:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.11 22:52:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.11 22:52:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.11 22:32:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010.04.10 10:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010.04.06 20:16:18 | 000,147,456 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdfc.dll
[2010.04.06 20:16:15 | 000,187,392 | ---- | C] (BullZip) -- C:\Windows\System32\bzpdf.dll
[2010.04.06 20:16:11 | 000,000,000 | ---D | C] -- C:\Programme\Bullzip
[2010.04.06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\HERMA
[2010.04.06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\HERMA
[2010.04.06 19:56:09 | 000,000,000 | ---D | C] -- C:\Programme\HERMA
[2010.04.06 19:56:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HERMA
[2010.04.06 19:53:18 | 000,000,000 | ---D | C] -- C:\HERMA
[2010.04.05 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TikGames
[2010.03.22 13:35:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\monopoly
[2010.03.17 14:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DivX Movies
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.14 16:42:49 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68DF07D3-E9A3-4CD2-BB5C-FD15BB6BA5B3}.job
[2010.04.14 16:42:43 | 003,932,160 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.04.14 16:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.14 15:47:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.14 15:47:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.14 13:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.14 06:10:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ca5ac8caf1400.job
[2010.04.13 20:24:25 | 001,427,404 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.13 20:24:25 | 000,621,704 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.13 20:24:25 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.13 20:24:25 | 000,123,654 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.13 20:24:25 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.13 13:18:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.04.13 06:06:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.13 06:05:34 | 3489,128,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.13 05:40:52 | 000,481,280 | ---- | M] () -- C:\Windows\System32\qtplugin.exe
[2010.04.12 21:59:50 | 000,019,968 | ---- | M] () -- C:\Windows\System32\bnis.mxo
[2010.04.12 21:39:07 | 002,467,747 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.04.12 21:29:18 | 000,008,192 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys
[2010.04.12 19:57:29 | 000,244,736 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.12 19:06:38 | 310,854,656 | ---- | M] () -- C:\Users\***\Desktop\backup.pst
[2010.04.12 17:58:37 | 000,781,909 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.12 06:38:44 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.12 06:38:42 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.12 06:38:42 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.11 23:11:30 | 000,000,945 | ---- | M] () -- C:\Users\***\Desktop\test123 - Verknüpfung.lnk
[2010.04.11 23:08:44 | 002,279,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.11 22:39:22 | 000,001,181 | ---- | M] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010.04.11 22:37:21 | 000,363,520 | ---- | M] () -- C:\Users\***\Desktop\rkill.com
[2010.04.11 22:37:21 | 000,363,520 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com
[2010.04.11 17:55:33 | 000,001,498 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.04.10 20:46:25 | 000,089,176 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.10 10:05:07 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010.04.10 07:34:48 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010.04.10 00:06:00 | 000,558,846 | ---- | M] () -- C:\Users\***\Desktop\IMG00271.jpg
[2010.04.10 00:05:51 | 000,053,364 | ---- | M] () -- C:\Users\***\Desktop\IMG00269.jpg
[2010.04.10 00:03:11 | 000,000,256 | ---- | M] () -- C:\Users\***\Documents\pool.bin
[2010.04.09 23:33:42 | 004,357,332 | ---- | M] () -- C:\Users\***\Documents\LoaderBackup-(2010-04-09).ipd
[2010.04.09 23:09:43 | 004,357,133 | ---- | M] () -- C:\Users\***\Documents\AutoBackup-(2010-04-09).ipd
[2010.04.09 22:58:32 | 000,000,292 | ---- | M] () -- C:\Windows\win.ini
[2010.04.07 15:11:29 | 000,190,464 | ---- | M] () -- C:\Users\***\Desktop\Bericht.doc
[2010.04.06 22:42:55 | 000,008,785 | ---- | M] () -- C:\Users\***\Desktop\ZeitRechner.jar
[2010.04.06 22:29:29 | 000,000,127 | ---- | M] () -- C:\Users\***\AppData\Roaming\Rest_Rechner.dat
[2010.04.06 20:09:09 | 000,020,480 | ---- | M] () -- C:\Users\***\Documents\Alberts Hauslikör.doc
[2010.04.06 20:09:09 | 000,000,300 | ---- | M] () -- C:\Users\***\Documents\Alberts Hauslikör.hea
[2010.04.06 20:09:09 | 000,000,162 | -H-- | M] () -- C:\Users\***\Documents\~$berts Hauslikör.doc
[2010.04.06 10:06:41 | 004,948,829 | ---- | M] () -- C:\Users\***\Desktop\Right Round.mp3
[2010.04.06 10:01:51 | 000,000,463 | ---- | M] () -- C:\Users\***\Desktop\Spielfilme.lnk
[2010.04.06 10:01:37 | 000,000,447 | ---- | M] () -- C:\Users\***\Desktop\Serien.lnk
[2010.04.03 10:57:16 | 000,138,384 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.03 10:56:53 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.04.02 20:54:23 | 000,012,582 | ---- | M] () -- C:\Users\***\Desktop\Rechnung_4951368774631300138423.pdf
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.29 19:46:00 | 001,113,692 | ---- | M] () -- C:\Users\***\Documents\englisch_zeiten.jpg
[2010.03.29 19:46:00 | 000,128,673 | ---- | M] () -- C:\Users\***\Documents\johanna_passbild.jpg
[2010.03.18 07:56:27 | 005,260,393 | ---- | M] () -- C:\Users\***\Desktop\Whatcha say.mp3
[2010.03.16 21:51:16 | 000,000,256 | ---- | M] () -- C:\Users\***\AppData\Roaming\Rest_Rechner_V1_2.ini
[2010.03.16 21:51:06 | 000,018,672 | ---- | M] () -- C:\Users\***\Desktop\Rest_Rechner_V1.2.jar
[2010.03.16 21:49:31 | 000,056,320 | ---- | M] () -- C:\Users\***\Documents\Kriegsverlauf.doc
[2010.03.15 22:25:59 | 005,034,065 | ---- | M] () -- C:\Users\***\Documents\AutoBackup-(2010-03-15).ipd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.13 05:41:21 | 000,481,280 | ---- | C] () -- C:\Windows\System32\qtplugin.exe
[2010.04.12 22:00:22 | 000,019,968 | ---- | C] () -- C:\Windows\System32\bnis.mxo
[2010.04.12 18:58:37 | 310,854,656 | ---- | C] () -- C:\Users\***\Desktop\backup.pst
[2010.04.12 17:57:43 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.12 17:45:05 | 3489,128,448 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.12 05:45:08 | 000,363,520 | ---- | C] () -- C:\Users\***\Desktop\rkill.com
[2010.04.11 23:11:30 | 000,000,945 | ---- | C] () -- C:\Users\***\Desktop\test123 - Verknüpfung.lnk
[2010.04.11 23:10:09 | 000,363,520 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com
[2010.04.11 22:39:22 | 000,001,181 | ---- | C] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010.04.11 17:55:33 | 000,001,498 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.04.10 10:05:07 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010.04.10 00:03:11 | 000,000,256 | ---- | C] () -- C:\Users\***\Documents\pool.bin
[2010.04.09 23:33:42 | 004,357,332 | ---- | C] () -- C:\Users\***\Documents\LoaderBackup-(2010-04-09).ipd
[2010.04.09 23:31:08 | 000,053,364 | ---- | C] () -- C:\Users\***\Desktop\IMG00269.jpg
[2010.04.09 23:28:08 | 000,558,846 | ---- | C] () -- C:\Users\***\Desktop\IMG00271.jpg
[2010.04.09 23:09:42 | 004,357,133 | ---- | C] () -- C:\Users\***\Documents\AutoBackup-(2010-04-09).ipd
[2010.04.07 15:11:29 | 000,190,464 | ---- | C] () -- C:\Users\***\Desktop\Bericht.doc
[2010.04.06 22:42:54 | 000,008,785 | ---- | C] () -- C:\Users\***\Desktop\ZeitRechner.jar
[2010.04.06 22:29:29 | 000,000,127 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rest_Rechner.dat
[2010.04.06 20:09:09 | 000,020,480 | ---- | C] () -- C:\Users\***\Documents\Alberts Hauslikör.doc
[2010.04.06 20:09:09 | 000,000,162 | -H-- | C] () -- C:\Users\***\Documents\~$berts Hauslikör.doc
[2010.04.06 20:09:08 | 000,000,300 | ---- | C] () -- C:\Users\***\Documents\Alberts Hauslikör.hea
[2010.04.06 10:01:12 | 000,000,463 | ---- | C] () -- C:\Users\***\Desktop\Spielfilme.lnk
[2010.04.06 10:01:12 | 000,000,447 | ---- | C] () -- C:\Users\***\Desktop\Serien.lnk
[2010.04.05 00:37:17 | 004,948,829 | ---- | C] () -- C:\Users\***\Desktop\Right Round.mp3
[2010.04.02 20:54:23 | 000,012,582 | ---- | C] () -- C:\Users\***\Desktop\Rechnung_4951368774631300138423.pdf
[2010.03.29 19:46:00 | 001,113,692 | ---- | C] () -- C:\Users\***\Documents\englisch_zeiten.jpg
[2010.03.29 19:46:00 | 000,128,673 | ---- | C] () -- C:\Users\***\Documents\johanna_passbild.jpg
[2010.03.16 21:51:16 | 000,000,256 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rest_Rechner_V1_2.ini
[2010.03.16 21:51:06 | 000,018,672 | ---- | C] () -- C:\Users\***\Desktop\Rest_Rechner_V1.2.jar
[2010.03.16 21:06:51 | 000,056,320 | ---- | C] () -- C:\Users\***\Documents\Kriegsverlauf.doc
[2010.03.16 07:29:14 | 005,260,393 | ---- | C] () -- C:\Users\***\Desktop\Whatcha say.mp3
[2010.03.15 22:25:59 | 005,034,065 | ---- | C] () -- C:\Users\***\Documents\AutoBackup-(2010-03-15).ipd
[2010.02.21 20:29:36 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.02.19 09:41:02 | 000,207,360 | R--- | C] () -- C:\Users\***\AppData\Roaming\sdra64.exe
[2010.02.19 09:40:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.16 15:13:55 | 000,102,462 | ---- | C] () -- C:\Windows\System32\DspFx.dll
[2010.01.28 17:50:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.24 00:10:29 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2010.01.24 00:10:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.01.24 00:10:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.12.14 22:57:25 | 000,000,701 | ---- | C] () -- C:\Users\***\AppData\Roaming\init.dll
[2009.12.14 22:57:18 | 000,000,701 | ---- | C] () -- C:\Users\***\AppData\Roaming\sound.dll
[2009.12.13 22:41:20 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.13 08:17:28 | 000,000,534 | ---- | C] () -- C:\Users\***\AppData\Roaming\flashplayer.html
[2009.12.11 07:34:59 | 000,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.11 07:34:40 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2009.11.21 08:43:35 | 000,000,311 | ---- | C] () -- C:\Users\***\.authorrc1
[2009.11.21 08:41:01 | 000,000,097 | ---- | C] () -- C:\Users\***\EditLiveForJava.ini
[2009.09.29 21:32:40 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2009.09.24 20:40:34 | 000,000,112 | ---- | C] () -- C:\Users\***\.asadminpass
[2009.09.24 20:40:25 | 000,000,773 | ---- | C] () -- C:\Users\***\.asadmintruststore
[2009.08.31 14:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2009.07.09 18:59:41 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.27 11:20:42 | 000,000,753 | ---- | C] () -- C:\Users\***\SciTE.session
[2009.06.27 11:00:22 | 000,031,076 | ---- | C] () -- C:\Users\***\abbrev.properties
[2008.11.11 22:56:34 | 000,018,944 | ---- | C] () -- C:\Windows\System32\wk32.dll
[2008.11.11 22:56:34 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ic32.dll
[2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.09.15 17:28:34 | 003,035,136 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata
[2008.08.31 20:25:49 | 014,417,509 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.08.08 16:28:51 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.07.12 16:08:35 | 000,000,613 | -H-- | C] () -- C:\Users\***\AppData\Roaming\vispa.ini
[2008.07.08 18:13:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.07.01 15:49:51 | 000,004,038 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.06.17 17:52:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.02 16:10:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2008.06.01 22:06:57 | 000,010,456 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.05.31 14:23:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.05.31 14:18:27 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2008.05.31 14:18:04 | 000,244,736 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.31 13:55:56 | 000,008,160 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.05.31 13:55:55 | 003,932,160 | -HS- | C] () -- C:\Users\***\NTUSER.DAT
[2008.05.31 13:55:55 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.05.31 13:55:55 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.05.31 13:55:55 | 000,262,144 | -H-- | C] () -- C:\Users\***\ntuser.dat.LOG1
[2008.05.31 13:55:55 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008.05.31 13:55:55 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini
[2008.05.31 13:55:55 | 000,000,000 | -H-- | C] () -- C:\Users\***\ntuser.dat.LOG2
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,123 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.02.23 18:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll
[2006.02.23 17:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll
[2006.02.23 17:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll
[2006.02.23 17:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll
[2006.02.23 17:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll
[2006.02.23 17:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll
[2006.02.23 17:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll
[2006.02.23 17:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll
[2006.02.23 17:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll
[2006.02.23 17:34:26 | 001,108,480 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006.02.23 17:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll
[2006.02.23 17:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
< End of report >
         


14.04.2010, 22:41   #6
dredav

Quote:
Quote from cosinus:
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.

I ran ComboFix and then quickly went downstairs; when I came back, my PC had just restarted. There is no file to be found at C:\ComboFix.txt. In My Computer, only one file called Combofix is shown in C:\, and it is not a txt file. When I click on it, I end up back in My Computer...

What am I doing wrong?

One could also do the following in cmd: copy c:\combofix c:\combofix.txt
But I don't know whether that is the right thing to do.

Last edited by dredav (14.04.2010 at 22:56)

15.04.2010, 10:43   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Try the run with CF again. Then we'll see.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
