Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner, HiJACK log Positiv, mehr geht nicht!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.04.2010, 15:23   #1
c0n1909
 
Trojaner, HiJACK log Positiv, mehr geht nicht! - Standard

Trojaner, HiJACK log Positiv, mehr geht nicht!



hi,
ja ich habe das forum öfters nach meinem problem durchsucht, aber komme nicht mehr weiter... seit 4 tagen rechnet mein baby einfach echt die fakschen sachen

alsp folgendes, ich besuchte eine Internet seite via Mozilla.. nach nur kurzer zeit auf der seite, wurde mein Pc bombadiert, Antivir Guard kam dem Ansturm gar nicht mehr nach.

habe es mit Avira versucht die Daten zu löschen bzw in Quarantäne zu verschieben. Obs erfolgreich war kann ich nicht beurteilen, es ist besser geworden aber nicht ganz weg. habe daher HiJackdisk gezogen und ausgeführt, habe auch schon selber veruscht mit hilfe des forums hier zu Fixen bringt nur nichts.

Die verdächtigen schwirren immer noch in der AppData/temp rum
Ebenso sind da Programme die sich versuchen beim Vista-Start auszuführen nur wird gesagt betroffen .DLL kann nicht ausgeführt werden. File missing Atomdzty.dll kann nicht geöffnet werden.

diese Datei ist mir auch fremd, kann sie nicht zuordnen und aber leider auch nicht löschn.

Malware Bytes lässt sich inht starten, kann euch aber mal mein HiJack log da lassen...

danke schonmal im vorraus wenn sich jmd finden lässt der mir helfen kann !


Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:30, on 27.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\***\AppData\Local\Temp\Qds.exe
C:\Users\***s\AppData\Local\Temp\Qdt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\Veoh\Veoh\VeohClient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\***\Program Files\DNA\btdna.exe
C:\Programme\Sandboxie\SbieCtrl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerStrip\PStrip.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\***\Desktop\HijackThis.exe
C:\Users\***\Desktop\HijackThis.exe
C:\Users\***\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ezLife browser enhancer atomdzty - {5EFBB77D-E919-497A-8EB8-4A255B947383} - C:\Windows\system32\atomdzty.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ezLife] rundll32 "atomdzty.dll",,Run
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programe\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\***\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [userinit] C:\Users\***\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [QZAIB7KITK] C:\Users\***\AppData\Local\Temp\Qds.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\***\AppData\Local\Temp\Qdt.exe
O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\afb4m0iyo.dll, RestoreWindows
O4 - HKCU\..\Run: [qopqrqdrv] rundll32.exe "c:\users\thomas\appdata\local\temp\fccdbx.dll",s
O4 - HKCU\..\Run: [ljihfdsys] rundll32.exe "c:\users\thomas\appdata\local\temp\khgeff.dll",DllRegisterServer
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: PowerStrip.lnk = C:\Program Files\PowerStrip\PStrip.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Taskleiste Ding\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O13 - Gopher Prefix: 
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\Windows\TEMP\AVSETUP_4bd35353\avupgsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14350 bytes
         

Geändert von c0n1909 (27.04.2010 um 15:31 Uhr)

Alt 27.04.2010, 22:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner, HiJACK log Positiv, mehr geht nicht! - Standard

Trojaner, HiJACK log Positiv, mehr geht nicht!



Hallo und

Poste bitte das Logfile von AntiVir. Wenn Malwarebytes nicht will, könnte das hier helfen => http://www.trojaner-board.de/82699-m...tet-nicht.html

Unabhängig ob das klappt oder nicht, bitte auch OTL ausführen:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 28.04.2010, 15:40   #3
c0n1909
 
Trojaner, HiJACK log Positiv, mehr geht nicht! - Standard

Trojaner, HiJACK log Positiv, mehr geht nicht!



die OTL file erstmal, MAlware sollte später folgen :

Code:
ATTFilter
OTL logfile created on: 28.04.2010 15:34:41 - Run 1
OTL by OldTimer - Version 3.2.3.0     Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 48,03 Gb Free Space | 10,77% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,52 Gb Free Space | 52,63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WOMB3RT
Current User Name: Thomas
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Valve\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\Thomas\AppData\Local\Temp\Qdt.exe ()
PRC - C:\Users\Thomas\AppData\Local\Temp\Qds.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Users\Thomas\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\PowerStrip\PStrip.exe (EnTech Taiwan)
PRC - C:\Programe\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirUpgradeService) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3653.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) Intel(R) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (NMSCore) Intel(R) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.02.19 14:52:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.27 14:24:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 11:06:14 | 000,000,000 | ---D | M]
 
[2008.07.06 22:05:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010.04.28 15:31:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions
[2009.09.02 16:48:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.10.23 20:17:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008.08.25 18:01:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.02 14:00:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\ChoiceGuard@Microsoft
[2009.02.07 22:26:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\firefox@tvunetworks.com
[2009.03.25 13:42:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\moveplayer@movenetworks.com
[2010.04.27 15:07:49 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-1.xml
[2009.07.22 23:19:03 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-10.xml
[2009.08.06 18:43:07 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-11.xml
[2009.09.10 22:42:26 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-12.xml
[2009.10.30 11:42:16 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-13.xml
[2009.12.22 22:44:38 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-14.xml
[2010.01.06 21:59:32 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-15.xml
[2010.02.20 12:01:21 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-16.xml
[2010.04.02 13:20:08 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-17.xml
[2008.04.17 18:34:00 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-2.xml
[2008.05.01 00:48:42 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-3.xml
[2009.03.24 17:13:42 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-4.xml
[2009.03.28 20:16:09 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-5.xml
[2009.04.23 23:41:08 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-6.xml
[2009.04.30 03:44:38 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-7.xml
[2009.06.14 00:32:01 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-8.xml
[2009.06.14 01:25:40 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-9.xml
[2009.03.01 14:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin.xml
[2009.03.24 10:51:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.24 10:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.19 10:21:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 10:21:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 10:21:33 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 10:21:33 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 10:21:33 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (adShotHlpr Object) - {5EFBB77D-E919-497A-8EB8-4A255B947383} - C:\Windows\System32\atomdzty.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ezLife]  File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Programme\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BGNewsAgent] C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Thomas\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programe\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [jkklmmdrv] c:\users\thomas\appdata\local\temp\fccdbx.DLL ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\valve\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [userinit] C:\Users\Thomas\AppData\Roaming\sdra64.exe ()
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\Thomas\AppData\Local\Temp\Qdt.exe ()
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Programme\PowerStrip\PStrip.exe (EnTech Taiwan)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Taskleiste Ding\ObjectDock\ObjectDock.exe (Stardock)
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{512ecefa-08ba-11dd-8a12-001d927395f1}\Shell - "" = AutoRun
O33 - MountPoints2\{512ecefa-08ba-11dd-8a12-001d927395f1}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.28 15:33:07 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2010.04.25 09:54:02 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\backups
[2010.04.25 03:14:52 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HijackThis.exe
[2010.04.25 03:10:15 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2010.04.25 03:10:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.25 03:10:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.25 03:10:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.25 03:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.25 03:08:21 | 005,918,776 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Thomas\Desktop\mbam-setup.com
[2010.04.24 22:43:47 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Avira
[2010.04.24 22:37:13 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.24 22:37:13 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.24 22:37:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.24 22:37:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.24 22:37:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.24 22:05:12 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.24 16:49:52 | 000,000,000 | ---D | C] -- C:\Programme\ezLife
[2010.04.24 16:47:07 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\6095BE1BF7DDA9FB6113ACE91B4916DC
[2010.04.24 16:47:04 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\AppData\Roaming\lowsec
[2010.04.17 00:05:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.16 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\RT
[2010.04.15 18:14:04 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\BDR
[2010.04.15 02:35:49 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 02:35:48 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 02:35:47 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 02:35:45 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.15 02:35:45 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.12 02:09:28 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\PokerStars
[2010.04.12 02:09:10 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars
[2010.04.02 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Tracing
[2010.04.02 14:00:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.04.02 13:59:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.04.02 13:59:42 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.04.02 13:57:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.03.30 19:16:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.30 19:16:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.30 19:16:36 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.30 19:16:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.30 19:16:36 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.30 19:16:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.30 19:16:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.30 19:16:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.30 19:16:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.30 19:16:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.30 19:16:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.30 19:16:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.30 19:16:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.30 19:16:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.30 19:16:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.28 15:39:28 | 012,845,056 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT
[2010.04.28 15:35:15 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.28 15:35:15 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.28 15:35:15 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.28 15:35:14 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.28 15:35:14 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.28 15:35:06 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1C0EC778-19CE-45A0-8E79-D6D5F574167C}.job
[2010.04.28 15:33:07 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2010.04.28 15:32:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.28 15:31:30 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.04.28 15:28:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.28 15:27:35 | 000,006,779 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\PStrip.ini
[2010.04.28 15:27:35 | 000,006,779 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\PStrip.bak
[2010.04.28 15:27:16 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.28 15:27:15 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.28 15:27:15 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.28 15:27:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.28 15:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.28 15:27:08 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.27 16:21:07 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.27 16:21:07 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.27 16:20:57 | 000,009,180 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\PStrip.bk!
[2010.04.27 16:20:55 | 005,119,217 | -H-- | M] () -- C:\Users\Thomas\AppData\Local\IconCache.db
[2010.04.27 15:48:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.27 14:43:03 | 000,006,779 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\PStrip.bko
[2010.04.25 18:00:04 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2010.04.25 18:00:03 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Thomas.job
[2010.04.25 10:50:40 | 000,002,379 | ---- | M] () -- C:\Users\Thomas\Desktop\Skype.lnk
[2010.04.25 10:48:32 | 000,081,920 | ---- | M] () -- C:\Users\Thomas\Desktop\fragebogen für Pat2.222.doc
[2010.04.25 03:14:22 | 000,318,369 | ---- | M] () -- C:\Users\Thomas\Desktop\HiJackThis.zip
[2010.04.25 03:10:06 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.25 03:08:27 | 005,918,776 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Thomas\Desktop\mbam-setup.com
[2010.04.24 23:42:33 | 000,007,592 | ---- | M] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2010.04.24 22:37:20 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.24 22:22:56 | 042,341,360 | ---- | M] () -- C:\Users\Thomas\Desktop\avira_antivir_personal_de.exe
[2010.04.23 22:25:45 | 000,002,158 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.04.23 20:29:38 | 000,781,454 | ---- | M] () -- C:\Users\Thomas\Desktop\IMG_0306.JPG
[2010.04.23 15:21:36 | 000,174,592 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.20 09:39:56 | 000,081,920 | ---- | M] () -- C:\Users\Thomas\Desktop\fragebogen für Pat2.1.doc
[2010.04.20 09:37:31 | 000,031,158 | ---- | M] () -- C:\Users\Thomas\Desktop\fragebogen für Pat.2.odt
[2010.04.20 09:11:33 | 000,018,235 | ---- | M] () -- C:\Users\Thomas\Desktop\fragebogen für patienten.odt
[2010.04.15 10:02:51 | 000,088,064 | ---- | M] () -- C:\Users\Thomas\Desktop\Unterricht Psychiatrie.ppt
[2010.04.15 10:02:34 | 000,455,260 | ---- | M] () -- C:\Users\Thomas\Desktop\ZusammenfassungPsychiatrischePflege.pdf
[2010.04.13 15:50:18 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.13 13:18:59 | 000,409,600 | ---- | M] () -- C:\Users\Thomas\Desktop\darkfix.exe
[2010.04.12 02:09:26 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010.04.09 13:17:37 | 000,519,975 | ---- | M] () -- C:\Users\Thomas\Desktop\IMG_0330.JPG
[2010.04.09 12:56:26 | 000,626,212 | ---- | M] () -- C:\Users\Thomas\Desktop\IMG_0329.JPG
[2010.04.06 19:53:49 | 000,072,192 | ---- | M] () -- C:\Users\Thomas\Desktop\Bewerbung hamburg1.2.doc
[2010.04.06 19:50:00 | 000,038,400 | ---- | M] () -- C:\Users\Thomas\Desktop\Lebenslauf.doc
[2010.04.06 19:39:01 | 000,033,792 | ---- | M] () -- C:\Users\Thomas\Desktop\Bewerbung hamburg1.doc
[2010.04.03 17:08:07 | 000,003,178 | ---- | M] () -- C:\Users\Thomas\Desktop\cfg.rar
[2010.04.02 14:00:31 | 000,000,764 | ---- | M] () -- C:\Users\Thomas\Documents\Meine freigegebenen Ordner.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.04.25 10:50:33 | 000,002,379 | ---- | C] () -- C:\Users\Thomas\Desktop\Skype.lnk
[2010.04.25 10:48:31 | 000,081,920 | ---- | C] () -- C:\Users\Thomas\Desktop\fragebogen für Pat2.222.doc
[2010.04.25 03:14:21 | 000,318,369 | ---- | C] () -- C:\Users\Thomas\Desktop\HiJackThis.zip
[2010.04.25 03:10:06 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.24 22:37:20 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.24 22:22:22 | 042,341,360 | ---- | C] () -- C:\Users\Thomas\Desktop\avira_antivir_personal_de.exe
[2010.04.24 16:55:05 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.24 16:47:06 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.20 09:39:55 | 000,081,920 | ---- | C] () -- C:\Users\Thomas\Desktop\fragebogen für Pat2.1.doc
[2010.04.20 09:37:31 | 000,031,158 | ---- | C] () -- C:\Users\Thomas\Desktop\fragebogen für Pat.2.odt
[2010.04.20 09:11:33 | 000,018,235 | ---- | C] () -- C:\Users\Thomas\Desktop\fragebogen für patienten.odt
[2010.04.15 10:02:50 | 000,088,064 | ---- | C] () -- C:\Users\Thomas\Desktop\Unterricht Psychiatrie.ppt
[2010.04.15 10:02:33 | 000,455,260 | ---- | C] () -- C:\Users\Thomas\Desktop\ZusammenfassungPsychiatrischePflege.pdf
[2010.04.13 22:10:30 | 000,003,178 | ---- | C] () -- C:\Users\Thomas\Desktop\cfg.rar
[2010.04.13 15:50:18 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.13 13:18:56 | 000,409,600 | ---- | C] () -- C:\Users\Thomas\Desktop\darkfix.exe
[2010.04.12 02:09:26 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010.04.09 13:24:14 | 000,519,975 | ---- | C] () -- C:\Users\Thomas\Desktop\IMG_0330.JPG
[2010.04.09 13:24:12 | 000,626,212 | ---- | C] () -- C:\Users\Thomas\Desktop\IMG_0329.JPG
[2010.04.06 19:53:47 | 000,072,192 | ---- | C] () -- C:\Users\Thomas\Desktop\Bewerbung hamburg1.2.doc
[2010.04.06 19:49:59 | 000,038,400 | ---- | C] () -- C:\Users\Thomas\Desktop\Lebenslauf.doc
[2010.04.06 19:39:01 | 000,033,792 | ---- | C] () -- C:\Users\Thomas\Desktop\Bewerbung hamburg1.doc
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.20 14:39:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.11 21:38:11 | 000,002,158 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2008.06.14 16:45:16 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.06.14 16:45:09 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.05.11 10:29:16 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.05.11 10:29:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.05.04 18:56:46 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.04.21 14:01:07 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2008.04.12 19:59:11 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.02.19 16:49:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.19 16:49:48 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.02.19 16:49:48 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.02.19 15:05:59 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.02.19 15:05:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.19 15:04:36 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.02.19 11:28:59 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
< End of report >
         
__________________

Alt 28.04.2010, 15:43   #4
c0n1909
 
Trojaner, HiJACK log Positiv, mehr geht nicht! - Standard

Trojaner, HiJACK log Positiv, mehr geht nicht!



und die OTL Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 28.04.2010 15:34:41 - Run 1
OTL by OldTimer - Version 3.2.3.0     Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 48,03 Gb Free Space | 10,77% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,52 Gb Free Space | 52,63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WOMB3RT
Current User Name: Thomas
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01212A57-44D4-4039-9B78-2103B597717B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{02B19D77-266C-4116-8326-E080DC71949A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{05FAF54E-D9C2-41CD-BAA9-18EBB97A584F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{106933CF-BA83-4CEB-BC6A-CAAA2146AD95}" = rport=137 | protocol=17 | dir=out | app=system | 
"{14F46104-A5C5-4EB2-8F2A-ABD088D045C0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{16DA6AE4-DBA7-4F58-91FD-C8AACA268B63}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 
"{25A4CA32-8173-4909-A12D-62F5583DC3DE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3F3ECE08-D866-4AD0-858C-4C64EE7D03CE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{404E5100-763F-4D51-A5E4-1B6023873B38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{449340CC-CD1E-4679-83C5-449E6F69B103}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{4B05DD1F-BAE6-4BC0-9662-FDD97F169F4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4C82585B-DB79-4B0F-A954-79923D464162}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{4E42CAA0-999A-4447-BD51-51293B7EAD59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{607A16F7-07FB-4D94-A5E2-5F3D59C90EF4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6CCFF1E0-5A30-4C08-8EF3-0A45BF98906F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{718F5A09-6615-4CAA-A32C-929499A86AA9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{73F5FA9B-47D2-484D-8157-FB58202796D2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7473E83E-D439-40BE-BA04-785E0136833E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{75DCCF0F-46A0-4107-9D81-0943B8F8750A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{833DA793-6FC9-47F9-884B-FC4455C1CC1C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{8F2DF4FC-FD1C-4C40-8622-BE3D64349693}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 
"{92962189-9CF4-4E1A-828D-5CEAF54C497E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9317E70F-B91F-41BF-9228-25AA224D3914}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9B7D29EB-8401-45F9-9A2F-5239CB8EFA74}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{9BD1BE4F-EA1C-48D5-83FD-5B012C1ED070}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC218812-9EF2-4AAD-AC77-26575F86CFFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{AE38952A-6FBC-4A20-BCC9-5585E4318AEB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B56C4B3B-B919-4016-A18E-6D0A1C6B7306}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BD95086A-DECB-4C5E-8379-8BF09FDD81BD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C901F090-AD82-4546-B5A3-7FACC1582659}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D5D9F8F6-1368-466B-AB89-DA8DEB9BE7B4}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface | 
"{D9BF3BCB-6B52-414C-A2E2-97AC93E2EB9A}" = lport=28366 | protocol=6 | dir=in | name=azureus | 
"{E06AD4A5-6288-49A3-9260-25495BEB6B8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FA4EAA-0EB0-4FD1-BCDF-0994D3498FEE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{0103BA84-73D4-4560-9A15-B95243B6856E}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{06BDD21C-0A69-458A-AC74-BB1458C4E1B1}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{08BF464A-27CC-4A73-9DA7-3B4096851584}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{09D70BC7-64EC-4B3D-89BB-C594ACD9D04B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{1BF7AE71-CD80-4CE2-B1E4-CCFF10E62A9C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{20028EB4-015E-45BB-9BF4-0FA2400C87E5}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{2060CB42-CDD1-4CA4-9C88-5DD4DADDC42B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{2209B862-0FC6-41D0-AF7E-0685A9F34742}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{2261E2B2-7B92-4881-9803-89A2BC444ACF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{23141A48-3CA1-44E7-80E9-5BC4993C0C06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{26E72F3E-AC7A-4D0E-8FAE-00E69000FE70}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2EF4C937-07CA-4FEC-A672-1ACA2B9F9BE6}" = protocol=17 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe | 
"{33B60BE0-F651-45D4-A5AE-3A6F066547C5}" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 
"{3FCD6E52-9137-425C-B6BA-2B330958009A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{46008ADD-40B4-4AC7-A691-ABC443E7A505}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4A19AB5D-5312-4EE9-B59E-4BA7249B0BF0}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{4C77FD1F-0A87-4C4B-8ADD-476A4D9A448D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5087BE1E-1068-4359-ACE9-A972E3ECB5A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5DD10A86-F424-4C7C-BBA9-1F63B3663A47}" = protocol=6 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx10.exe | 
"{5F729969-C49F-48A4-9793-386678AD269C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{620F6F8E-F791-4F2A-9A1C-557419CC9D87}" = protocol=6 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe | 
"{63A2D57C-F466-41DD-B2A0-910B0D90EC72}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{6595D3AD-0FBB-41A6-8E5F-5F5EF9C3662A}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{700753F8-0BC6-469F-8CAE-6069CDCC0371}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{70799646-B73A-40C6-8717-F91B6E38C168}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{73C75508-F1BD-4A28-BB67-56C57C79A573}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{7BF2D859-36AA-4EB2-B71E-A471BCEF5539}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{83B8F66E-4862-4FD4-B744-3F44F56B6765}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{850CBDDC-B319-41D0-828D-5B182D38EBCB}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{85223B3A-2D6C-4359-9A68-9C6B31FB1B81}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{8770E655-2C68-4DF5-B5C4-702B68CAF5AB}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{93572C49-0CFE-44F8-8256-58E25C132FCF}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{93EE9637-2D2F-47F5-AB42-237760B22282}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{95ADDE3D-E2E7-4D45-964F-FE6342E813C7}" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 
"{999F367E-1A74-4543-9B47-AF6A535088D0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9D595453-CD4A-4CFF-9FFD-136623996ED8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{9F501015-5EEA-49F7-87E6-507D3B1A9D47}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{A2AAE02A-335B-427D-AC74-005710FABA80}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{A7D5C559-78E8-4172-ADD1-5BD35E1F5088}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{A96BB2BD-409A-42B9-A526-2B3717225E15}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{B0F3A79B-994A-40E5-9FCE-BD658D40D43E}" = protocol=17 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx10.exe | 
"{B2B7A17A-C346-40E4-91DB-6E32448FE1AF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{B5A9E8A1-4646-41C1-919A-CCC1FC15FCEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BEB8776E-1940-443C-B0CB-5C7603B59201}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C256B297-66B2-47C9-A5C1-13634F018CAF}" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 
"{C338D500-CB52-4FC9-93A8-A083C9048E23}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{C545E12F-4671-4657-A8F8-D33777DA5D29}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{C6812261-0A3C-43C2-8949-9AE5157D671F}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{CADD04FB-0028-492F-99AD-8C962115A357}" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 
"{CCD7356D-4D90-4FE0-8CD9-3C268DC1C236}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D0FF87D6-8FF7-4970-AAE7-0F7F0F116DA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{F16DA657-8928-4778-8937-BB90910F5002}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{F3ECBA52-9DCC-47F6-A021-9E923C2C2B01}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{FAB39011-5016-4568-B726-7064EE53E7F3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{FB0CBA55-13A8-40B5-8221-598E452745FE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"TCP Query User{0513570A-B9F5-4308-91EC-4C0CB134DAAE}C:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe | 
"TCP Query User{0A922DC4-B089-45C0-86A6-0DDC54760B3E}C:\users\thomas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{1B777E43-924B-40B8-AE45-32B917489FA2}C:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe | 
"TCP Query User{1E2CC95F-5B05-4993-BC90-F41FE8FA1B1A}C:\programe\azureusneu\azureus.exe" = protocol=6 | dir=in | app=c:\programe\azureusneu\azureus.exe | 
"TCP Query User{1FE4DB7B-8565-4C8A-A15F-9A540DF48D50}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{27FEC7EF-38FA-4CD1-928B-8042430F715A}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{2F45887D-63C3-4C5F-A1B8-AD71E9BFDA55}C:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe" = protocol=6 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe | 
"TCP Query User{4B7C037E-CD04-4530-8109-D261846256C3}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{5177332C-0505-44F0-924E-C362E5EBD118}C:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{5A070264-1806-483C-820F-4ACCD07AF252}C:\programe\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\programe\azureus\azureus.exe | 
"TCP Query User{756EAA51-BABB-4DB6-9710-505129D6C9D4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{82347B93-EE1A-4152-BC2D-B2A35D5527BF}C:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe | 
"TCP Query User{8B32BA07-DED8-4F6A-8DBF-7069546508F3}C:\spiele\codemasters\dirt\dirt.exe" = protocol=6 | dir=in | app=c:\spiele\codemasters\dirt\dirt.exe | 
"TCP Query User{8CF23B72-367D-4F99-BE34-4611D214F34F}C:\users\thomas\desktop\wow-burningcrusade-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\thomas\desktop\wow-burningcrusade-dede-installer-downloader.exe | 
"TCP Query User{8DB46259-9728-491B-A9A0-F3E1BFF210E5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{974817BC-0D45-4891-9CDD-A66671DFF3C3}C:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe | 
"TCP Query User{9A6996B1-61CF-48A6-9425-CB606E578270}C:\users\thomas\desktop\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\thomas\desktop\wow-dede-installer-downloader.exe | 
"TCP Query User{9B3F5298-C001-4FA7-9EB2-1E586C1FEAFD}C:\program files\veoh\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh\veoh\veohclient.exe | 
"TCP Query User{A31EF5CD-A91E-4F8F-B847-CD09A70B713C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{B6A0ED3D-97BE-4B64-ADFC-00171F6C48A2}C:\users\thomas\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\thomas\program files\dna\btdna.exe | 
"TCP Query User{B6BC4731-C08F-4600-B5D8-F487DD122D58}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{B7804516-76D9-43F3-91EC-0A393F9A23B5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{BFE4B3A5-C0D7-48E7-A17C-E43FE096ED24}C:\users\thomas\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\thomas\program files\dna\btdna.exe | 
"TCP Query User{C257F0D8-7005-4F8A-BE1E-75DF60535207}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{D177F33B-A984-4D71-BD57-A3FEA08C9080}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E08130AD-7A14-4B22-83BD-B059456C9F1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E7823984-35B5-44E4-95E5-D1497F4BEEEA}C:\program files\veoh\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh\veoh\veohclient.exe | 
"TCP Query User{E78BF628-3C12-466F-AC33-BE7685D214BB}C:\valve\steam\steamapps\wandersmann\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{EDAEC49B-006E-48C1-A624-EDD6C30EA46A}C:\valve\steam\steamapps\common\lost planet dx10 trial\lostplanetdx10.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\common\lost planet dx10 trial\lostplanetdx10.exe | 
"TCP Query User{EE5398C4-1626-439F-BDCF-8442DD210EE4}C:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{F2DEB97B-681C-4C1E-AF36-C05645B0CD36}C:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe | 
"TCP Query User{F33A5DB7-FFAF-4197-83E7-7C693FFA5F7A}C:\programe\azureusneu\azureus.exe" = protocol=6 | dir=in | app=c:\programe\azureusneu\azureus.exe | 
"TCP Query User{FF7CECCB-C7FF-4ADC-892C-D404D9043CE0}C:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe | 
"UDP Query User{0BCF05B1-5D57-438D-9E49-B10884CAA5F4}C:\users\thomas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{152C7085-DAE0-450A-ADE5-E0B177457A07}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{1E5F289D-ED7B-41D0-82DA-0459E4E0A588}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 
"UDP Query User{2BCF3053-C44B-4CAD-9665-CA7F70E946D8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{2C8C2B56-E4D6-4CDA-8286-6476F2AFAFA0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{3C1CDD87-D818-4AE2-BD85-C7D5955B6F4A}C:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe | 
"UDP Query User{3D59F897-DEF3-4EB1-B11A-915ABD72CC83}C:\program files\veoh\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh\veoh\veohclient.exe | 
"UDP Query User{3F0B03EB-6111-4370-9A2B-F3D52C6DA764}C:\valve\steam\steamapps\common\lost planet dx10 trial\lostplanetdx10.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\common\lost planet dx10 trial\lostplanetdx10.exe | 
"UDP Query User{46E6475C-A7EF-4A52-87BD-A42DD440DFFC}C:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe | 
"UDP Query User{511705D9-A958-4CD8-BBB2-7D4D3486ED8A}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{634D50D6-BB40-44E2-AA12-91A85F45B32D}C:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe | 
"UDP Query User{64EBD7B2-2E58-4877-86AC-526B71C6535B}C:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe | 
"UDP Query User{8154B5B8-BA18-4F93-A13B-1CE19EA81097}C:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe" = protocol=17 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe | 
"UDP Query User{84123C1D-5006-4B5F-A88A-046EF3CF4625}C:\users\thomas\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\thomas\program files\dna\btdna.exe | 
"UDP Query User{8705B6B5-6FE0-4C3B-BCBE-6FB99FC40E02}C:\users\thomas\desktop\wow-burningcrusade-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\thomas\desktop\wow-burningcrusade-dede-installer-downloader.exe | 
"UDP Query User{9370B4CF-D2AB-4C8B-937A-81E26CFFE2CC}C:\spiele\codemasters\dirt\dirt.exe" = protocol=17 | dir=in | app=c:\spiele\codemasters\dirt\dirt.exe | 
"UDP Query User{948FB4C8-CCAC-4150-A62D-36D9C0785338}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{98C9C5DF-CE99-4750-B2FD-D7DABCDECDC7}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{AA476116-FFE1-4A98-B13F-8BFB4FA8B0F6}C:\programe\azureusneu\azureus.exe" = protocol=17 | dir=in | app=c:\programe\azureusneu\azureus.exe | 
"UDP Query User{AACAC9C1-797E-4C8F-9D53-D76B30E6EDCA}C:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe | 
"UDP Query User{B9A64FB4-261A-4219-8924-55FF39A3592D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{BA79BE0C-D027-4E64-B5C0-162AE33FDB8C}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 
"UDP Query User{BE1D43CA-A85E-4185-8765-B55433C33B83}C:\programe\azureusneu\azureus.exe" = protocol=17 | dir=in | app=c:\programe\azureusneu\azureus.exe | 
"UDP Query User{BF784F69-B158-461B-BEFB-F906A6756C5A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{BF9E368D-5E4F-486B-9A15-4106329D1DE8}C:\valve\steam\steamapps\wandersmann\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{C34B53B8-1417-40DC-801C-D601C9E3BF81}C:\users\thomas\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\thomas\program files\dna\btdna.exe | 
"UDP Query User{C6DE5825-6D7A-4391-B4E5-380E01E5D129}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{D28EA19C-4D0B-4F37-A3E2-181FEB47C2CF}C:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe | 
"UDP Query User{E0662AC3-AB5B-46CD-B4E9-497B1EBB1DF4}C:\users\thomas\desktop\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\thomas\desktop\wow-dede-installer-downloader.exe | 
"UDP Query User{E4325CF2-97C6-4842-B6C2-2B920F6F2E73}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{EE2B9BD2-4D62-4B88-A8DA-F1684BE38AE4}C:\programe\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\programe\azureus\azureus.exe | 
"UDP Query User{F9D1B3EF-6F1E-433B-9174-53EA89CD6C6D}C:\program files\veoh\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh\veoh\veohclient.exe | 
"UDP Query User{FBDB2CE3-4C02-4592-91D3-355295206BAA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}_is1" = Deinstallation der Arcor Online Software
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EEEF30E-0AD2-4AD9-B854-22F1488637C7}" = Two Worlds Control Panel 1.0.7
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{BD5AEA80-86E6-4227-A093-6610BA0DF735}" = Windows Sidebar Styler
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F06EB29F-FA6A-48E6-8F89-3BCB4B015383}" = Aion
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord
"ALDI Foto Service Nord D" = ALDI Foto Service Nord
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"bwin" = bwin Poker (remove only)
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"Desktop DiaShow" = Desktop DiaShow
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Foto-Mosaik_is1" = Foto-Mosaik 4.1.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (nur entfernen)
"Handbrake" = Handbrake 0.9.4
"ICQToolbar" = ICQ Toolbar
"InfernalGame" = Infernal
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LetsTrade" = LetsTrade Komponenten
"MakeTorrent 2" = MakeTorrent v2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation)
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Sandboxie" = Sandboxie 3.38
"Steam" = Steam
"Steam App 10" = Counter-Strike
"Steam App 13210" = Unreal Tournament 3
"Steam App 300" = Day of Defeat: Source
"Steam App 302" = Day of Defeat: Source Beta
"Steam App 400" = Portal
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"TVUPlayer" = TVUPlayer 2.3.7.1
"Two Worlds" = Two Worlds
"Uninstall_is1" = Uninstall 1.0.0.1
"Vampire Slayer : Chapter V_is1" = Chapter V
"VentriloMIX" = VentriloMIX
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 28.04.2010, 18:19   #5
c0n1909
 
Trojaner, HiJACK log Positiv, mehr geht nicht! - Standard

Trojaner, HiJACK log Positiv, mehr geht nicht!



so Malware ist auch durchgelaufen, habe die infizierten datein direkt über Malware löschen lassen und den reboot ausgeführt.
jedoch meldet nach dem neustart antivir wieder Malware gefunden.

hier das log:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

28.04.2010 18:02:39
mbam-log-2010-04-28 (18-02-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 463401
Laufzeit: 2 Stunde(n), 16 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 25

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\CscrptXt.CscrptXt (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5efbb77d-e919-497a-8eb8-4a255b947383} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5efbb77d-e919-497a-8eb8-4a255b947383} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jkklmmdrv (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\ezLife (Adware.EzLife) -> No action taken.
C:\Program Files\ezLife\ezLife (Adware.EzLife) -> No action taken.

Infizierte Dateien:
C:\Program Files\Maketorrent 2\uninstall.exe (Password.Stealer) -> No action taken.
C:\Users\***\AppData\Local\Temp\Qdp.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Local\Temp\Qdq.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Local\Temp\6_ldry3no.exe (Trojan.Zbot) -> No action taken.
C:\Users\***\AppData\Local\Temp\q1.exe (Trojan.Clicker) -> No action taken.
C:\Users\***\AppData\Local\Temp\Qdt.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\4_pinnew.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\60325cahp25ca1.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\60325cahp25caa.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\avto.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\win32.exe (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
c:\Users\***\AppData\Local\Temp\fccdbx.dll (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Roaming\sdra64.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\teste1_p.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\0.3798802323586561.eXe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Local\Temp\0.7401020057264719.eXe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Local\Temp\miragge.exe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Local\Temp\svchosty.exe (Trojan.Agent) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
         

mfg


Alt 28.04.2010, 20:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner, HiJACK log Positiv, mehr geht nicht! - Standard

Trojaner, HiJACK log Positiv, mehr geht nicht!



Zitat:
Datenbank Version: 3930
Klappte das Signaturen Update von Malwarebytes nicht oder haste es vergessen? Falls vergessen bitte nachholen und den Vollscan wiederholen.
__________________
--> Trojaner, HiJACK log Positiv, mehr geht nicht!

Antwort

Themen zu Trojaner, HiJACK log Positiv, mehr geht nicht!
adobe, alert, antivir, antivir guard, avg, avira, bho, defender, desktop, ebay, fremd, google, gupdate, hijack, hijackthis, internet, internet explorer, local\temp, logfile, magix, problem, rundll, software, starten, system, taskleiste, thomas, tracker, trojaner, windows



Ähnliche Themen: Trojaner, HiJACK log Positiv, mehr geht nicht!


  1. USB Maus geht nicht mehr - neue Maus geht nach 2 Tagen auch nicht mehr!
    Netzwerk und Hardware - 26.10.2015 (4)
  2. Malwarebytes Anti-Malware geht erst nicht, findet dann Security.Hijack - Ist da noch mehr?
    Log-Analyse und Auswertung - 21.08.2014 (17)
  3. GVU Trojaner Win7 abgesichertes Modus geht nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 23.04.2013 (17)
  4. Bundespolizei-Trojaner: Abgesicherter Modus geht nicht mehr
    Log-Analyse und Auswertung - 05.12.2012 (8)
  5. Staatsministerium Trojaner - nun geht nicht´s mehr...
    Log-Analyse und Auswertung - 30.08.2012 (5)
  6. Trojaner...Outlook geht nicht mehr
    Alles rund um Windows - 20.05.2012 (1)
  7. Win7 herunterfahren Button reagiert nicht, strg+alt+entf geht nicht mehr & cmd.exe geht nicht auf
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (25)
  8. Windows XP geht nicht mehr Virus, Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (0)
  9. Trojaner gefunden nun geht MKV2Vob nicht mehr
    Alles rund um Windows - 01.11.2010 (3)
  10. 2 Trojaner - Internet langsam/geht nicht mehr (Netzwerk?) - Was tun?
    Log-Analyse und Auswertung - 07.03.2010 (1)
  11. Hijack? Trojaner? Firefox kann Bankingseite nicht mehr öffnen ...
    Log-Analyse und Auswertung - 26.05.2009 (0)
  12. Trojaner zlob - Exel geht nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 06.06.2008 (1)
  13. Internet geht auf einem PC nicht mehr, Laptop (am gleichen Router angeschlossen) geht
    Plagegeister aller Art und deren Bekämpfung - 04.12.2007 (0)
  14. Maus geht nicht mehr java geht nicht mehr...
    Log-Analyse und Auswertung - 05.09.2007 (3)
  15. hijack geht nicht mehr!!!
    Log-Analyse und Auswertung - 02.05.2005 (4)
  16. Trojaner? -> PC spinnt - vieles geht nicht mehr
    Log-Analyse und Auswertung - 10.04.2005 (6)
  17. I need help! Es geht gar nichts mehr. Hier mein HiJack Log
    Log-Analyse und Auswertung - 10.01.2005 (9)

Zum Thema Trojaner, HiJACK log Positiv, mehr geht nicht! - hi, ja ich habe das forum öfters nach meinem problem durchsucht, aber komme nicht mehr weiter... seit 4 tagen rechnet mein baby einfach echt die fakschen sachen alsp folgendes, ich - Trojaner, HiJACK log Positiv, mehr geht nicht!...
Archiv
Du betrachtest: Trojaner, HiJACK log Positiv, mehr geht nicht! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.