Pests of all kinds and how to fight them: Online banking blocked / "alleged" Trojan (Windows 7)
#1
Hello everyone, like many others here in the last few days, I can no longer use online banking at my bank because of an "alleged" Trojan. I have used the following programs so far to track down the "alleged" Trojan and to remove malware or similar, including junk data:
- Antivir (active in the background)
- Stinger
- BitDefender
- Panda Online Scanner
- Ad-Aware (active in the background)
- CCleaner
- Malwarebytes

Here is the log from Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4412

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.08.2010 20:45:38
mbam-log-2010-08-11 (20-45-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 258713
Laufzeit: 1 Stunde(n), 1 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
OTL logfile created on: 11.08.2010 20:54:41 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 85,36 Gb Free Space | 60,05% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 56,92 Gb Free Space | 39,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\ANIWConnService.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
PRC - D:\Winamp\winampa.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ANIWConnService) -- C:\Windows\System32\ANIWConnService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (arusb_lh) -- C:\Windows\System32\drivers\dwarusb_lh.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 08:52:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.10 20:44:02 | 000,000,000 | ---D | M]

[2009.02.02 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.08.11 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions
[2010.07.05 18:42:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.10 17:19:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.10 18:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.03.14 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\firefox@tvunetworks.com
[2010.03.09 00:26:52 | 000,001,819 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\4sb65u9t.default\searchplugins\bing.xml
[2010.07.14 20:34:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.14 20:34:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.07.22 12:12:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.22 12:12:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 12:12:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 12:12:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 12:12:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: treubau-gruppe.de ([owa] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.11 19:31:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.10 17:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.08.10 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.08.10 17:03:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.10 17:03:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.10 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.10 17:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.10 13:32:48 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.08.10 13:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.07.21 06:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.14 20:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.14 20:34:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.07.14 20:34:10 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.14 20:34:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.14 20:34:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.14 20:34:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2008.10.28 12:31:49 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010.08.11 20:54:05 | 002,359,296 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.08.11 20:19:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.11 20:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.11 19:31:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.11 19:23:49 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.ini
[2010.08.11 19:23:41 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.11 19:23:41 | 000,003,284 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.11 19:23:25 | 000,000,006 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.11 19:22:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.08.11 19:22:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 19:22:35 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 19:22:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 19:22:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 19:21:43 | 204,353,644 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:17:00 | 000,293,376 | ---- | M] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.08.10 20:44:22 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bak
[2010.08.10 20:44:19 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bko
[2010.08.10 20:42:39 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.10 20:42:39 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.10 20:42:27 | 000,012,850 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bk!
[2010.08.10 20:42:26 | 003,716,758 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.08.05 15:45:29 | 000,000,282 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANICONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.08.05 15:45:24 | 000,000,121 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIOIDCONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.07.25 12:30:25 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.25 12:29:52 | 000,040,448 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.24 14:10:26 | 000,012,862 | ---- | M] () -- C:\Windows\EPISMG00.SWB

========== Files Created - No Company Name ==========

[2010.08.11 19:21:43 | 204,353,644 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:16:58 | 000,293,376 | ---- | C] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.07.24 14:10:26 | 000,012,862 | ---- | C] () -- C:\Windows\EPISMG00.SWB
[2010.01.15 21:03:01 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2010.01.15 21:02:51 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2010.01.15 21:02:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2010.01.15 21:02:51 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2010.01.15 21:02:28 | 000,724,992 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2010.01.15 20:53:30 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2009.09.24 05:45:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.19 20:37:58 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.02 23:08:21 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009.02.02 19:04:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.10.28 04:18:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >
Code:
ATTFilter OTL Extras logfile created on: 11.08.2010 20:54:41 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,16 Gb Total Space | 85,36 Gb Free Space | 60,05% Space Free | Partition Type: NTFS Drive D: | 142,93 Gb Total Space | 56,92 Gb Free Space | 39,82% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRIS-PC Current User Name: Chris Logged in as Administrator. 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01202F56-BFCD-4119-8DED-93C79D345CCD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{03B1F42F-3A86-44E8-BA96-CCA9528E9ECB}" = lport=137
| protocol=17 | dir=in | app=system |
"{0539BCC1-5619-4A2B-AAB6-53CEA4326EBA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2863C0E5-6AA6-4FD0-8634-EC8074CD786A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{303B9833-829A-4443-8487-E2C562B37B71}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{49E6D984-37B6-4BD8-B34C-F6F1E2BFFE1E}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C8244BF-7018-404E-9C3F-1DA07E406802}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4F930617-4056-4F2F-A7C4-4F3A3E82DB01}" = rport=445 | protocol=6 | dir=out | app=system |
"{52749251-141B-43B5-B8BE-9B7A68C32F5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6D45D379-934C-42D4-8EA2-F34BCB06EFE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{792FA573-14E0-4606-A49D-CB0AD56A24AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E1A018E-143C-40BB-9CB5-322AC4D4ED93}" = lport=139 | protocol=6 | dir=in | app=system |
"{81F4B982-A58A-4590-A2ED-7FD2E7B13288}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{87278016-2AF7-446B-A8D1-8FEBC05D5B0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C07B478-C5CB-46BD-A89F-35F48A35510D}" = rport=139 | protocol=6 | dir=out | app=system |
"{8FC0A167-1505-4ED7-86E9-AD57F60C7B8D}" = rport=137 | protocol=17 | dir=out | app=system |
"{B6B2D2DC-C325-488F-80C3-C7069A492FDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9936AB1-DAC9-40EC-B3F4-3454EBCE2BCB}" = rport=138 | protocol=17 | dir=out | app=system |
"{DAE3323A-8144-4512-8635-22F1303D0D15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E664FFF8-1090-42BB-A82C-66A020978686}"
= lport=138 | protocol=17 | dir=in | app=system |
"{EB36BD36-44E6-4FC5-AFBC-B0571A9D24E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1664C17B-6F3B-4D2A-8234-F6EEBCE33813}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1717417E-9345-41C8-9E41-453C81BD5999}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{368E7E64-B9F3-4895-941E-EF0172E7D41C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{39FE307D-7C1F-4C21-BF5A-D4816C694FED}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe |
"{3D5B035F-E003-45CD-AD96-14016954783E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3E8B8BA7-3305-438F-9E46-8D8D23AD3398}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{44D23A5C-A8B9-4910-8D54-6114A675812B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe |
"{57AAD4A5-C6E0-4AD0-A25A-CDB95318CE99}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5F89F8FF-8526-464D-9B28-89C616B0372D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{6E65AC75-4CA4-4AD0-A274-6FF8A64CAF07}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{73E4476F-54FF-45C7-8254-0BF021677B59}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe |
"{79ECD430-582B-46BB-A582-26C091A3FF9A}" =
protocol=6 | dir=in | app=c:\program files\jens lorek\tubebox!\tubebox.exe |
"{885C914C-43B7-416B-961F-E0BC9263789A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{93584CCF-EAE5-4A64-9DF9-CA191EFF64F8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{9A9AEA28-60B1-477D-A276-B7AE37A3EF71}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A3AE6129-E81D-4EF6-92C0-B8818468DC92}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A8009488-FE58-4CBD-A059-A16419BAF846}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{AB48091C-8AEA-4F1A-AE09-DBD32E13303E}" = protocol=17 | dir=in | app=c:\program files\jens lorek\tubebox!\tubebox.exe |
"{B1624835-E67E-45E6-AD63-83171307DAEE}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B2F79A4A-36D5-4345-9107-7CBE019BCAB7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B4DD9959-42D2-4C03-80EE-31CC48E85113}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B787436A-0A53-4300-9B0E-80931B5F9FD6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B7CAD3B5-28AE-4F9F-9986-8B40B05D4CFB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{BD6FCBF4-95AE-4754-950B-FB6C785B60E6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{C288CB0C-06E3-49F3-815E-DBFC5879FD64}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe |
"{D03357EE-B605-4380-80EF-C2B3235848AB}" = protocol=17 | dir=in | app=c:\program files\microsoft
office\office12\onenote.exe |
"{DCF03822-3B16-42DC-94B9-D9EF76A43448}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F0465D2A-2F77-4DD9-BEB7-D5AA9D689123}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{014D3408-3C8F-4F3F-9E0E-0461E1B06404}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{0F53EE23-665E-4D04-84DD-E7DC0E70C97B}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"TCP Query User{10AA69B9-369C-4CFF-B7DD-F423CAC9A0AC}D:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe |
"TCP Query User{14D9CAAE-6081-4949-BA2E-357D01E0B3AE}D:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda32.exe |
"TCP Query User{172259A5-EEC0-43DF-A5F2-5DAEC54FEDF3}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{1BDF797E-FCAE-4454-AD0E-D56D802A7C7E}D:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe" = protocol=6 | dir=in | app=d:\warcraft\warcraft 3\warcraft 3 frozen throne v.
1.21\war3.exe |
"TCP Query User{265D2892-F7A6-4951-911F-1EB22A52FC77}D:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe |
"TCP Query User{3BAEC50A-B945-4FA1-838A-65FE58D0E9E1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3EF5B1A5-1468-46EF-BFC3-9AC9438B3E57}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe |
"TCP Query User{483EE4B4-5341-40AD-910A-5FA9BCBE3459}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe |
"TCP Query User{489EF77D-089E-434D-A074-EBB451F9C8A0}D:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"TCP Query User{53EFC16D-12E6-45A2-9A5E-C1BA63DDD292}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5C3715B6-68F8-4445-8717-CB0CE6BC6449}D:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe |
"TCP Query User{688FEDB5-43C2-4743-8BB2-F77CB96202FB}D:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe |
"TCP Query User{6C046E32-2983-441B-AB3C-F74A78BF6EEC}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe |
"TCP Query
User{76FE9FFA-F89A-4E0C-B8DD-FA5DAF950841}D:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe |
"TCP Query User{77853F1A-8F8B-41BF-A10F-0084CA0AD795}D:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda32.exe |
"TCP Query User{81C5F0A0-AC4D-4E15-825D-60D2E287F972}D:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe |
"TCP Query User{85E47EDB-6260-4140-9F5D-269D79318A37}D:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe |
"TCP Query User{8A89D7D4-A33E-4A06-97CD-44DD8434F326}D:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"TCP Query User{8DCFC606-F15C-4BC8-80BB-4E08D37545C3}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{968B9B75-8BD4-48E5-94A6-12C03AAAC963}D:\warcraft\world of warcraft\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\launcher.exe |
"TCP Query User{A4AE7975-5CE4-498C-B901-E72449C6441E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{ABF42030-69E4-4260-8A0B-7DADFEC6CFE3}D:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe |
"TCP Query
User{B596A1EC-BA91-47D3-B55B-6DC0CB50682F}D:\miranda im\miranda alt\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda alt\miranda32.exe |
"TCP Query User{B6329C39-84D8-406D-BB93-7B61264660F1}C:\users\chris\desktop\blobby volley 2\blobby.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\blobby volley 2\blobby.exe |
"TCP Query User{B9B856C8-E444-433E-9693-EC39841C49CD}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"TCP Query User{DDF01C1C-0888-47BB-8AF1-6E5B71835265}D:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe |
"TCP Query User{E3122978-473C-4F2F-8ACF-96B229892C6C}D:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe |
"TCP Query User{EFD4302E-99BF-4CFD-BE23-78839D3431EF}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe |
"TCP Query User{F2F9EC93-E7F4-48B8-8202-31120E876290}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{FA609952-2B4D-4BB9-BA58-71773C5A639D}D:\miranda alt\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda alt\miranda32.exe |
"TCP Query User{FA73D6BE-EB37-462A-A757-26C3373FA7B3}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{001C37FE-B9D4-4D59-B77A-9D071863C73B}D:\warcraft\world of warcraft\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\launcher.exe |
"UDP Query User{0321AA03-A4A3-4B45-B20C-591E3071179C}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe
|
"UDP Query User{0EEC9EAE-0F33-45C3-A1E3-8250562D475B}D:\miranda alt\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda alt\miranda32.exe |
"UDP Query User{102C81D6-F84D-4543-955C-DA6AFAFC511B}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"UDP Query User{18CAFA5D-D1AC-47E1-A209-C9D23CE845A9}D:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe" = protocol=17 | dir=in | app=d:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe |
"UDP Query User{203E9D7C-06E2-482F-9945-725C4F9E2F2A}D:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe |
"UDP Query User{29FFAFEC-37D1-4357-A0CF-7CACCB7D69BA}C:\users\chris\desktop\blobby volley 2\blobby.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\blobby volley 2\blobby.exe |
"UDP Query User{34AC9289-7BBF-4EDF-B3EF-3622C2E950B9}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe |
"UDP Query User{57FB403D-F292-4830-A716-7984BB295C92}D:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe |
"UDP Query User{630442D5-5FDF-4CA9-A9A1-E170EC1645C8}D:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe |
"UDP Query User{63BC11C3-E2C4-4A05-A014-997C2C21C723}D:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe |
"UDP Query User{6609D66B-1FD7-4B84-931C-FF3B926F8877}D:\warcraft\world of
warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"UDP Query User{6BFC8961-B66C-448B-A386-D2711DAD3F8E}D:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe |
"UDP Query User{6F8D7D33-BB2E-43AF-9EB7-78A31A730F84}D:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda32.exe |
"UDP Query User{754B791C-B261-480B-BB01-BA4C1B61240F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{75A82D63-B8F8-4864-9DBE-C5D49C0F5B6F}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{77F178E9-7F82-4A13-8AF8-A095BEE98647}D:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe |
"UDP Query User{7D4A438A-C3B6-4F0C-96B5-F7EBE8EE5269}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{9F67A858-1B46-40FF-A177-5644B9722743}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A42BE327-CDD0-4CF2-932E-356772662B06}D:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe |
"UDP Query User{A64C5229-7FB5-4CE1-8195-3AC35BA862DC}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"UDP Query User{B24D4E91-4F53-4907-AC68-B2425814FE4A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in |
app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B53B1BF0-FE3B-4FF5-97CF-CC741FF732D5}D:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe |
"UDP Query User{B64C4508-09A2-4F21-B0E5-0FAC1415C2CD}D:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe |
"UDP Query User{BB0828FB-6627-4813-BACC-AC651D691F8C}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{BC3D18CC-DD7F-4E7E-ABDD-938A10B002DD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C673AFC7-5A7D-45C8-9739-6D02E85CEF53}D:\miranda im\miranda alt\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda alt\miranda32.exe |
"UDP Query User{C7BAD277-6407-4BEE-A7FE-4B87CD00FBC1}D:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"UDP Query User{CD7C9105-9C69-4F70-A287-6EDC8EC445F6}D:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe |
"UDP Query User{D7BEEB7A-1829-4A3C-BAF4-04DE74ED55BF}D:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda32.exe |
"UDP Query User{EE573A79-27BE-41A7-9375-5F2A9F8F830D}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{F92D07A5-953B-46D4-AE25-66EDFFC6099A}D:\counter
strike 1.5\hlsw\hlsw.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe |
"UDP Query User{F9BD23FC-06DC-413C-B143-5E9A32B2790F}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}" = D-Link Wireless N Dual Band DWA-160
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E2F9C65-38BC-4400-A27C-D65A507587D0}" = TubeBox!
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92276389-DD58-4D04-ADB8-64416EE139AD}" = D-Link Wireless N Dual Band DWA-160
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC14F40D-7C13-4F3A-9F4A-3835D7642036}" = PE585QAEncoder-32
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D761C5D2-E727-415A-BC4E-52642CEA1A1C}" = TubeBox!
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.4
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"RollerCoaster Tycoon Setup" = Roll
"Tiberian Sun" = Command & Conquer Teil 3: Operation Tiberian Sun
"TmNationsForever_is1" = TmNationsForever
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.07.2010 06:21:56 | Computer Name =
Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01bcb5ed, process ID 0x114, application start time 01cb2be333e2ead1.

Error - 25.07.2010 06:22:01 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x02cdb5ed, process ID 0x650, application start time 01cb2be336528b41.

Error - 25.07.2010 06:22:06 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0201b5ed, process ID 0x17c0, application start time 01cb2be339788361.

Error - 25.07.2010 06:22:10 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x019cb5ed, process ID 0x1f4, application start time 01cb2be33c9d9121.

Error - 25.07.2010 06:22:15 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0208b5ed, process ID 0x1560, application start time 01cb2be33f067ad1.
Error - 25.07.2010 06:29:53 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000080, process ID 0xb98, application start time 01cb2bd002829b61.

Error - 25.07.2010 11:50:37 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0056b5ed, process ID 0x17d0, application start time 01cb2c111ef31b50.

Error - 25.07.2010 11:50:45 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x020cb5ed, process ID 0x1408, application start time 01cb2c1122ddc300.

Error - 26.07.2010 00:11:47 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0153b5ed, process ID 0x1dc, application start time 01cb2c78a963e528.

Error - 26.07.2010 11:51:50 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 09.08.2010 11:54:26 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 09.08.2010 11:54:39 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 09.08.2010 11:54:51 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 09.08.2010 11:55:04 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 09.08.2010 11:55:17 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 09.08.2010 11:55:30 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 10.08.2010 14:25:59 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.08.2010 14:43:57 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.08.2010 13:22:19 | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:19:41 on 11.08.2010 was unexpected.

Error - 11.08.2010 13:22:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Unfortunately GMER causes a system crash on my machine, so I cannot attach that log file.

I would be grateful for your help on how to proceed. I hope the problem can be fixed without reinstalling the system.

By the way: I have already requested new bank login credentials. In future the TAN will be delivered via mobile phone; that should be secure.

Regards
Lucajoel
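Added example (editor's code, not part of the original post and not an OTL feature). Two things in the Extras report above are what a helper on this board would look at first: the Security Center section shows "AntiVirusOverride" = 1 and "AntiSpywareOverride" = 1, i.e. Windows Security Center has been told that a registered third-party product covers those roles and has stopped raising its own alerts (a real AV install sets this, but so does malware that wants to silence the warning, so it is always worth a look), and the FirewallRules lists mix the stock Vista rules with several dozen "TCP Query User" / "UDP Query User" rules, which Vista creates when the user clicks Allow in the firewall prompt, some of them for executables under C:\Users, Public Documents or the D: drive. The script below parses lines in the OTL Extras format and flags the rules whose application is not rooted in a system location, plus any non-zero Security Center override. The sample lines are constructed from the report above; the trusted-location list and the trust classes are this example's own assumptions.

```python
"""Triage helper for the firewall and Security Center sections of an OTL
Extras report.  Added example, not OTL code: the sample lines below are
constructed from the report above, and the trusted-location list is an
assumption of this example, not a Windows or OTL definition.
"""
import re

# Locations a default Vista install writes only with elevation.  Anything
# else (C:\Users, Public Documents, a second drive) is writable by the
# logged-in user, which is where a dropped binary would usually live.
TRUSTED_PREFIXES = (r"c:\windows", r"c:\program files", r"%systemroot%", r"%programfiles%")

# One FirewallRules line as OTL prints it: "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
# Security Center\Svc override values: "AntiVirusOverride" = 1
WSC_RE = re.compile(r'^"(?P<key>\w+Override)"\s*=\s*(?P<val>\d+)\s*$')

# Constructed sample: a handful of lines copied from the report above.
SAMPLE_RULES = r'''
"{39FE307D-7C1F-4C21-BF5A-D4816C694FED}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe |
"{49E6D984-37B6-4BD8-B34C-F6F1E2BFFE1E}" = lport=445 | protocol=6 | dir=in | app=system |
"{B4DD9959-42D2-4C03-80EE-31CC48E85113}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DAE3323A-8144-4512-8635-22F1303D0D15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"TCP Query User{B6329C39-84D8-406D-BB93-7B61264660F1}C:\users\chris\desktop\blobby volley 2\blobby.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\blobby volley 2\blobby.exe |
"TCP Query User{F2F9EC93-E7F4-48B8-8202-31120E876290}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{D7BEEB7A-1829-4A3C-BAF4-04DE74ED55BF}D:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda32.exe |
'''.strip()

# Constructed sample: the Security Center\Svc values from the report above.
SAMPLE_SECURITY_CENTER = r'''
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
'''.strip()


def parse_rule(line):
    """Split one OTL FirewallRules line into its rule name and key=value fields."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        key, sep, val = part.strip().partition("=")
        if sep:
            fields[key.strip()] = val.strip()
    return {"name": m.group("name"), "fields": fields}


def classify_app(app):
    """Trust class of a rule's app= value (this example's own categories)."""
    p = app.lower()
    if p == "system":
        return "system"        # rules for the System process (SMB, NetBIOS)
    if not p.startswith("%") and ":" not in p:
        return "relative"      # bare file name instead of a full path
    if p.startswith(TRUSTED_PREFIXES):
        return "system"
    if p.startswith(r"c:\users"):
        return "user-writable"
    return "other-drive"


def triage_rules(text):
    """Return (name, app, verdict, note) for each rule not rooted in a system location."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        app = rule["fields"].get("app") if rule else None
        if not app:
            continue           # port-only or service-only rules carry no app path
        verdict = classify_app(app)
        if verdict == "system":
            continue
        note = ""
        if rule["name"].startswith(("TCP Query User", "UDP Query User")):
            note = "added by clicking Allow in the Vista firewall prompt"
        findings.append((rule["name"], app, verdict, note))
    return findings


def wsc_overrides(text):
    """Security Center *Override values that are non-zero, in file order."""
    hits = []
    for line in text.splitlines():
        m = WSC_RE.match(line.strip())
        if m and m.group("val") != "0":
            hits.append(m.group("key"))
    return hits


if __name__ == "__main__":
    for name, app, verdict, note in triage_rules(SAMPLE_RULES):
        print(f"{verdict:13} {app}" + (f"  ({note})" if note else ""))
    for key in wsc_overrides(SAMPLE_SECURITY_CENTER):
        print(f"Security Center: {key} is overridden")
```

Run against the sample it reports the Public Documents downloader, the bare `svchost.exe` rule, the Desktop game and the D: drive Miranda build, and both AV/antispyware overrides; run against a full report (`triage_rules(open("Extras.Txt").read())`) it leaves the stock Vista rules and everything under Program Files and Windows out of the way so the remaining list is short enough to check by hand.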