Hi everyone,
unfortunately I recently had my first gruesome experiences with fake antivirus software. On 30.05 I caught the malware Antispyware Soft for the first time and was presumably able to remove it successfully with the help of the Trojaner Board guides (Malwarebytes' Anti-Malware, SUPERAntiSpyware & CCleaner).
About a week later I then picked up Antimalware Doctor by a completely different route. I reacted immediately, started rkill, restarted Windows in Safe Mode with Networking, and ran Malwarebytes & SUPERAntiSpyware with the latest updates and had the detections removed.
In addition, I removed dubious startup entries using CCleaner (I have forgotten the values, but I googled everything beforehand to make sure they were malicious entries), checked the proxy settings and also ran OTL according to the guide. OTL only tells me that no fixes are planned.
Once I was sure that I had done everything conceivable, I rebooted normally, and when I tried to go online with Firefox, various messages from AntiVir immediately appeared saying that various .exe programs with strange names were trying to do something.
I clicked on deny access, immediately closed all programs and restarted the computer again in Safe Mode with Networking. Malwarebytes found nothing more in the Quick Scan, but SUPERAntiSpyware already had a Trojan/Gen again. It was deleted, I rebooted again, ran both tools in Quick Scan again and this time there were no more detections.
I therefore suspect that traces or even whole viruses still exist on my computer. What else can I do?
Here is the latest log from Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4178
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904
08.06.2010 15:57:26
mbam-log-2010-06-08 (15-57-26).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 122162
Laufzeit: 3 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
so far, so good...
Here are the OTL logs as well:
EXTRAS:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 08.06.2010 12:40:55 - Run 5
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 85,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 300,62 Gb Free Space | 64,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 27,08 Gb Total Space | 26,99 Gb Free Space | 99,67% Space Free | Partition Type: NTFS
Drive H: | 957,03 Gb Total Space | 518,74 Gb Free Space | 54,20% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: ****
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2689648100-524463370-2763475101-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\UEdit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\UEdit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\UEdit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 6F 56 51 9D 3B E1 C8 01 [binary data]
"VistaSp2" = 16 F9 1E 1F F7 57 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7A3CCC8D-3BAF-45CE-9333-7797B9F85D03}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E92BC8-9D89-4421-9605-1CD6F396B29B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1D02957A-C012-4D9B-AE12-13078A10FED4}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{22C4CF2F-8C29-4F8B-86AA-79EB50579B13}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{2A2DF771-1871-49D5-9B21-7EB37829DBA0}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe |
"{3B1245F5-FA25-4764-A7AD-0861095A18A5}" = protocol=6 | dir=in | app=c:\users\admin\desktop\pes2009.exe |
"{3E1FC93D-6CF5-43CD-AA75-AEDC9175FC7C}" = protocol=17 | dir=in | app=c:\program files (x86)\sightspeed\sightspeed.exe |
"{47C806A5-90E7-40B6-A9CD-9553F8F88FA2}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4C4134BC-215D-4E52-83D9-DAAF50D86FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\melloware\intelliremote\intelliremote.exe |
"{4C4AF63E-BCAC-4BFE-8D1A-D87677CA27D5}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{4C70ECA6-E55E-4245-BBD9-BAC3D905880F}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe |
"{55F96F31-2783-44F8-9AD3-15C68CB48063}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{5A21F97C-3720-42BB-99FA-BE3262878EC1}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\miranda\received files\433573467\utorrent15.exe |
"{6946B03A-D5CE-47E0-8586-ABA3AA9A5AE6}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{6B8504FA-BAC6-41CF-B16C-690CE8677937}" = protocol=17 | dir=in | app=c:\program files (x86)\concept design\onlinetv 5\onlinetv.exe |
"{75593F06-6F77-4918-9028-8EF7785AC508}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{7E698001-A21A-4CBE-AEC5-5971CF5FEF99}" = protocol=6 | dir=in | app=c:\program files (x86)\concept design\onlinetv 5\onlinetv.exe |
"{805BFD95-772C-4935-B851-7D3683537F07}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{8D4DF3B7-3E67-48E3-9DB4-CD15B93FC108}" = protocol=17 | dir=in | app=c:\program files (x86)\concept design\onlinetv 5\onlinetv.exe |
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |
"{97FBB594-379A-4B97-BBF1-2DD9BC3ABDBB}" = protocol=17 | dir=in | app=c:\users\admin\desktop\pes2009.exe |
"{9B4D4BBA-7498-4E0D-875F-851C4EE536BD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{A1F88CA9-7AFE-4B24-9BE4-769DA8B22D3D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A1FB3EA1-B56F-4163-BD65-7890CCEFF4DC}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe |
"{A6C26DF9-B90B-40DB-8BA0-E8A876ECFAA8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A943992C-C3C8-4910-8DAB-2D25F4D01DA0}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe |
"{AC616ED1-F44C-4A17-9662-701BE52E0C7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{ACC0A4DC-0AB6-4810-8187-CCD23FFD8200}" = protocol=6 | dir=in | app=c:\program files (x86)\melloware\intelliremote\intelliremote.exe |
"{AD61F82C-C298-4FB8-B45F-4D11B58DDF36}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\asam.exe |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{B645DC53-26F0-468B-8C72-8AF53E9BDE63}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{C5F37A26-D13C-4BBF-8D91-42535AA6B7E4}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe |
"{C6EA0247-2374-4FB7-AD3C-255A3CA428A3}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8999DEA-AF67-4340-BD77-A8A6FBE4D778}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\asam.exe |
"{CFA74FCA-BCCF-40F5-95DB-D5AFF4800D2D}" = protocol=6 | dir=in | app=c:\program files (x86)\concept design\onlinetv 5\onlinetv.exe |
"{D686A19E-C3B1-4798-975F-175B92530A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{EB9CA098-E47B-4220-BF63-7F9FB9B050DD}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{EF953611-2C18-4967-9F02-9A7404532EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\sightspeed\sightspeed.exe |
"{F0EFED77-E4A8-41AE-8D60-42C3E6799358}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\miranda\received files\433573467\utorrent15.exe |
"{F925CD87-812C-45BA-8995-A3060E3ACFC3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{FCCFBDAD-5D50-449B-98CE-D6E201568654}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe |
"TCP Query User{27D4C0AD-E2AA-4B2E-843D-3D18B8670A0A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{2BF86EBA-9821-4739-8F7E-57DF8D5B1A5E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3CDE5E43-9B0A-4332-B5A0-55209AB04EDA}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{4474EC4D-DD89-4F61-9E80-7BBDBE5F4F9B}C:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{492CA494-8D41-46D3-8E93-D3714DE5EECA}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{5DDF32B4-49EF-4CC8-96AE-1889D00F9337}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{6EB6B5BB-9FCB-4CB9-98A4-3183F1106DB3}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{7B0B0412-3286-4CC2-AB9F-1F02C7E82812}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{D1413031-318A-407D-9564-34CCF8F32931}C:\program files (x86)\inner four inc\fone2mouse\fone2mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\inner four inc\fone2mouse\fone2mouse.exe |
"TCP Query User{DC75E453-631A-4E0F-868D-88B4AD5F7436}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{E35A7DA6-E01B-4B7D-9C7F-DD0EFF96B16C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E4479CFD-E98E-418F-B5E6-B6D72E696DCC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{E4BB9B1D-2060-4B60-A1BB-54B89659D48F}C:\program files (x86)\saints row 2\sr2_pc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\saints row 2\sr2_pc.exe |
"TCP Query User{EBBB8502-14EC-406F-A244-3286B6B058EB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{035B0C99-3000-432F-B1C5-07AD7BDABB0C}C:\program files (x86)\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\saints row 2\sr2_pc.exe |
"UDP Query User{1B802FBF-F607-4E85-A38C-526F8ABBF16C}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{1D4587B2-B23B-4EEA-A3F6-2F834F83BFEF}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{1E051191-EA97-4CFD-9FE6-B8FA6A05E8B8}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{3CA0D460-C0DE-4B20-95C9-2C6D99093086}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{3FF32223-9B64-4682-9ADF-3F8AEC37104A}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{6BF95A3A-32A6-404D-82D7-16A3BE26F4DD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6DAC724C-2CF2-4FB8-B6AF-44F72560DA8E}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{842AA8BB-1010-49A3-991F-535C593DCBCF}C:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{8C6518CA-D830-4ED1-AF7E-F43CC19272BE}C:\program files (x86)\inner four inc\fone2mouse\fone2mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\inner four inc\fone2mouse\fone2mouse.exe |
"UDP Query User{902F0FA7-4945-4772-9128-0D6802664DF1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A065AACD-3D89-47A5-B5C2-E5E034D808BB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{A7B1A0B7-29C3-46BF-A389-4B6E09CCE1D4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{D2632A1F-ED52-424A-904C-C0519BD12FE6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2BEA2CD8-1A5D-4ADC-B000-C2A3207A6FCD}" = MobileMe Control Panel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"StreamedComparison" = StreamedComparison
"VistaFirewallControl (i386)_is1" = VistaFirewallControl 2.5.7.25
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07.06.2010 12:13:26 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.8.6.0, Zeitstempel 0x47f2ba07,
fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18005, Zeitstempel 0x49e0379e,
Ausnahmecode 0xc0000005, Fehleroffset 0x00009db9, Prozess-ID 0xef4, Anwendungsstartzeit
01cb065c5b42ccca.
Error - 07.06.2010 16:02:08 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 07.06.2010 16:02:11 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 07.06.2010 16:02:22 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cxgxdna.exe, Version 2.4.4587.1000, Zeitstempel
0x47ac125f, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00331698, Prozess-ID 0x1394, Anwendungsstartzeit
01cb067c57203eaa.
Error - 07.06.2010 16:03:23 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RocketDock.exe, Version 0.0.0.0, Zeitstempel
0x46db07ea, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000005, Fehleroffset 0x0006020b, Prozess-ID 0x878, Anwendungsstartzeit
01cb061dd2f111da.
Error - 07.06.2010 16:08:39 | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =
Error - 07.06.2010 17:16:39 | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =
Error - 07.06.2010 20:43:54 | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =
Error - 08.06.2010 04:37:20 | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =
Error - 08.06.2010 05:54:25 | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =
[ System Events ]
Error - 08.06.2010 04:37:20 | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =
Error - 08.06.2010 04:37:24 | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =
Error - 08.06.2010 04:38:04 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 08.06.2010 04:38:04 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 08.06.2010 05:54:16 | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =
Error - 08.06.2010 05:54:25 | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =
Error - 08.06.2010 05:54:28 | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =
Error - 08.06.2010 05:55:16 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 08.06.2010 05:55:16 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 08.06.2010 06:35:07 | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =
< End of report >
--- --- ---
What else can I do? In my opinion it actually looks clean...
Pinzi