
Pests of all kinds and how to fight them: Online banking blocked / "alleged" Trojan


11.08.2010, 20:02   #1
Lucajoel
 
Online banking blocked / "alleged" Trojan



Hello everyone,

like many others here in the last few days, I can no longer use the online banking at my bank because of an "alleged" Trojan.
So far I have used the following programs to track down the "alleged" Trojan and to remove malware or the like, including junk data:

- Antivir (active in the background)
- Stinger
- BitDefender
- Panda Online Scanner
- Ad-Aware (active in the background)
- CCleaner
- Malwarebytes

Here is the log from Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4412

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.08.2010 20:45:38
mbam-log-2010-08-11 (20-45-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 258713
Laufzeit: 1 Stunde(n), 1 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
and here are the two logs from OTL:

Code:
OTL logfile created on: 11.08.2010 20:54:41 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 85,36 Gb Free Space | 60,05% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 56,92 Gb Free Space | 39,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\ANIWConnService.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
PRC - D:\Winamp\winampa.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ANIWConnService) -- C:\Windows\System32\ANIWConnService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (arusb_lh) -- C:\Windows\System32\drivers\dwarusb_lh.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 08:52:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.10 20:44:02 | 000,000,000 | ---D | M]
 
[2009.02.02 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.08.11 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions
[2010.07.05 18:42:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.10 17:19:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.10 18:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.03.14 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\firefox@tvunetworks.com
[2010.03.09 00:26:52 | 000,001,819 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\4sb65u9t.default\searchplugins\bing.xml
[2010.07.14 20:34:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.14 20:34:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.07.22 12:12:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.22 12:12:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 12:12:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 12:12:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 12:12:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: treubau-gruppe.de ([owa] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.11 19:31:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.10 17:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.08.10 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.08.10 17:03:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.10 17:03:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.10 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.10 17:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.10 13:32:48 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.08.10 13:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.07.21 06:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.14 20:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.14 20:34:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.07.14 20:34:10 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.14 20:34:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.14 20:34:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.14 20:34:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2008.10.28 12:31:49 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.11 20:54:05 | 002,359,296 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.08.11 20:19:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.11 20:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.11 19:31:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.11 19:23:49 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.ini
[2010.08.11 19:23:41 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.11 19:23:41 | 000,003,284 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.11 19:23:25 | 000,000,006 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.11 19:22:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.08.11 19:22:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 19:22:35 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 19:22:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 19:22:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 19:21:43 | 204,353,644 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:17:00 | 000,293,376 | ---- | M] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.08.10 20:44:22 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bak
[2010.08.10 20:44:19 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bko
[2010.08.10 20:42:39 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.10 20:42:39 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.10 20:42:27 | 000,012,850 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bk!
[2010.08.10 20:42:26 | 003,716,758 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.08.05 15:45:29 | 000,000,282 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANICONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.08.05 15:45:24 | 000,000,121 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIOIDCONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.07.25 12:30:25 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.25 12:29:52 | 000,040,448 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.24 14:10:26 | 000,012,862 | ---- | M] () -- C:\Windows\EPISMG00.SWB
 
========== Files Created - No Company Name ==========
 
[2010.08.11 19:21:43 | 204,353,644 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:16:58 | 000,293,376 | ---- | C] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.07.24 14:10:26 | 000,012,862 | ---- | C] () -- C:\Windows\EPISMG00.SWB
[2010.01.15 21:03:01 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2010.01.15 21:02:51 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2010.01.15 21:02:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2010.01.15 21:02:51 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2010.01.15 21:02:28 | 000,724,992 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2010.01.15 20:53:30 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2009.09.24 05:45:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.19 20:37:58 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.02 23:08:21 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009.02.02 19:04:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.10.28 04:18:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >
         


Code:
OTL Extras logfile created on: 11.08.2010 20:54:41 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 85,36 Gb Free Space | 60,05% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 56,92 Gb Free Space | 39,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01202F56-BFCD-4119-8DED-93C79D345CCD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{03B1F42F-3A86-44E8-BA96-CCA9528E9ECB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0539BCC1-5619-4A2B-AAB6-53CEA4326EBA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2863C0E5-6AA6-4FD0-8634-EC8074CD786A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{303B9833-829A-4443-8487-E2C562B37B71}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{49E6D984-37B6-4BD8-B34C-F6F1E2BFFE1E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C8244BF-7018-404E-9C3F-1DA07E406802}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4F930617-4056-4F2F-A7C4-4F3A3E82DB01}" = rport=445 | protocol=6 | dir=out | app=system | 
"{52749251-141B-43B5-B8BE-9B7A68C32F5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6D45D379-934C-42D4-8EA2-F34BCB06EFE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{792FA573-14E0-4606-A49D-CB0AD56A24AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7E1A018E-143C-40BB-9CB5-322AC4D4ED93}" = lport=139 | protocol=6 | dir=in | app=system | 
"{81F4B982-A58A-4590-A2ED-7FD2E7B13288}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{87278016-2AF7-446B-A8D1-8FEBC05D5B0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C07B478-C5CB-46BD-A89F-35F48A35510D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8FC0A167-1505-4ED7-86E9-AD57F60C7B8D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B6B2D2DC-C325-488F-80C3-C7069A492FDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9936AB1-DAC9-40EC-B3F4-3454EBCE2BCB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DAE3323A-8144-4512-8635-22F1303D0D15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E664FFF8-1090-42BB-A82C-66A020978686}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EB36BD36-44E6-4FC5-AFBC-B0571A9D24E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1664C17B-6F3B-4D2A-8234-F6EEBCE33813}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1717417E-9345-41C8-9E41-453C81BD5999}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{368E7E64-B9F3-4895-941E-EF0172E7D41C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{39FE307D-7C1F-4C21-BF5A-D4816C694FED}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"{3D5B035F-E003-45CD-AD96-14016954783E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3E8B8BA7-3305-438F-9E46-8D8D23AD3398}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{44D23A5C-A8B9-4910-8D54-6114A675812B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"{57AAD4A5-C6E0-4AD0-A25A-CDB95318CE99}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{5F89F8FF-8526-464D-9B28-89C616B0372D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{6E65AC75-4CA4-4AD0-A274-6FF8A64CAF07}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{73E4476F-54FF-45C7-8254-0BF021677B59}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"{79ECD430-582B-46BB-A582-26C091A3FF9A}" = protocol=6 | dir=in | app=c:\program files\jens lorek\tubebox!\tubebox.exe | 
"{885C914C-43B7-416B-961F-E0BC9263789A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{93584CCF-EAE5-4A64-9DF9-CA191EFF64F8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{9A9AEA28-60B1-477D-A276-B7AE37A3EF71}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A3AE6129-E81D-4EF6-92C0-B8818468DC92}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A8009488-FE58-4CBD-A059-A16419BAF846}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{AB48091C-8AEA-4F1A-AE09-DBD32E13303E}" = protocol=17 | dir=in | app=c:\program files\jens lorek\tubebox!\tubebox.exe | 
"{B1624835-E67E-45E6-AD63-83171307DAEE}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B2F79A4A-36D5-4345-9107-7CBE019BCAB7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B4DD9959-42D2-4C03-80EE-31CC48E85113}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B787436A-0A53-4300-9B0E-80931B5F9FD6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B7CAD3B5-28AE-4F9F-9986-8B40B05D4CFB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{BD6FCBF4-95AE-4754-950B-FB6C785B60E6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{C288CB0C-06E3-49F3-815E-DBFC5879FD64}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"{D03357EE-B605-4380-80EF-C2B3235848AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DCF03822-3B16-42DC-94B9-D9EF76A43448}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{F0465D2A-2F77-4DD9-BEB7-D5AA9D689123}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"TCP Query User{014D3408-3C8F-4F3F-9E0E-0461E1B06404}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{0F53EE23-665E-4D04-84DD-E7DC0E70C97B}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe | 
"TCP Query User{10AA69B9-369C-4CFF-B7DD-F423CAC9A0AC}D:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe | 
"TCP Query User{14D9CAAE-6081-4949-BA2E-357D01E0B3AE}D:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda32.exe | 
"TCP Query User{172259A5-EEC0-43DF-A5F2-5DAEC54FEDF3}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{1BDF797E-FCAE-4454-AD0E-D56D802A7C7E}D:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe" = protocol=6 | dir=in | app=d:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe | 
"TCP Query User{265D2892-F7A6-4951-911F-1EB22A52FC77}D:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"TCP Query User{3BAEC50A-B945-4FA1-838A-65FE58D0E9E1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{3EF5B1A5-1468-46EF-BFC3-9AC9438B3E57}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe | 
"TCP Query User{483EE4B4-5341-40AD-910A-5FA9BCBE3459}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe | 
"TCP Query User{489EF77D-089E-434D-A074-EBB451F9C8A0}D:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | 
"TCP Query User{53EFC16D-12E6-45A2-9A5E-C1BA63DDD292}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{5C3715B6-68F8-4445-8717-CB0CE6BC6449}D:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe | 
"TCP Query User{688FEDB5-43C2-4743-8BB2-F77CB96202FB}D:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | 
"TCP Query User{6C046E32-2983-441B-AB3C-F74A78BF6EEC}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe | 
"TCP Query User{76FE9FFA-F89A-4E0C-B8DD-FA5DAF950841}D:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | 
"TCP Query User{77853F1A-8F8B-41BF-A10F-0084CA0AD795}D:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda32.exe | 
"TCP Query User{81C5F0A0-AC4D-4E15-825D-60D2E287F972}D:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe | 
"TCP Query User{85E47EDB-6260-4140-9F5D-269D79318A37}D:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"TCP Query User{8A89D7D4-A33E-4A06-97CD-44DD8434F326}D:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"TCP Query User{8DCFC606-F15C-4BC8-80BB-4E08D37545C3}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{968B9B75-8BD4-48E5-94A6-12C03AAAC963}D:\warcraft\world of warcraft\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\launcher.exe | 
"TCP Query User{A4AE7975-5CE4-498C-B901-E72449C6441E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{ABF42030-69E4-4260-8A0B-7DADFEC6CFE3}D:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe | 
"TCP Query User{B596A1EC-BA91-47D3-B55B-6DC0CB50682F}D:\miranda im\miranda alt\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda alt\miranda32.exe | 
"TCP Query User{B6329C39-84D8-406D-BB93-7B61264660F1}C:\users\chris\desktop\blobby volley 2\blobby.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\blobby volley 2\blobby.exe | 
"TCP Query User{B9B856C8-E444-433E-9693-EC39841C49CD}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe | 
"TCP Query User{DDF01C1C-0888-47BB-8AF1-6E5B71835265}D:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe | 
"TCP Query User{E3122978-473C-4F2F-8ACF-96B229892C6C}D:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe | 
"TCP Query User{EFD4302E-99BF-4CFD-BE23-78839D3431EF}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe | 
"TCP Query User{F2F9EC93-E7F4-48B8-8202-31120E876290}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{FA609952-2B4D-4BB9-BA58-71773C5A639D}D:\miranda alt\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda alt\miranda32.exe | 
"TCP Query User{FA73D6BE-EB37-462A-A757-26C3373FA7B3}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{001C37FE-B9D4-4D59-B77A-9D071863C73B}D:\warcraft\world of warcraft\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\launcher.exe | 
"UDP Query User{0321AA03-A4A3-4B45-B20C-591E3071179C}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe | 
"UDP Query User{0EEC9EAE-0F33-45C3-A1E3-8250562D475B}D:\miranda alt\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda alt\miranda32.exe | 
"UDP Query User{102C81D6-F84D-4543-955C-DA6AFAFC511B}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe | 
"UDP Query User{18CAFA5D-D1AC-47E1-A209-C9D23CE845A9}D:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe" = protocol=17 | dir=in | app=d:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe | 
"UDP Query User{203E9D7C-06E2-482F-9945-725C4F9E2F2A}D:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"UDP Query User{29FFAFEC-37D1-4357-A0CF-7CACCB7D69BA}C:\users\chris\desktop\blobby volley 2\blobby.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\blobby volley 2\blobby.exe | 
"UDP Query User{34AC9289-7BBF-4EDF-B3EF-3622C2E950B9}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe | 
"UDP Query User{57FB403D-F292-4830-A716-7984BB295C92}D:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe | 
"UDP Query User{630442D5-5FDF-4CA9-A9A1-E170EC1645C8}D:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe | 
"UDP Query User{63BC11C3-E2C4-4A05-A014-997C2C21C723}D:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"UDP Query User{6609D66B-1FD7-4B84-931C-FF3B926F8877}D:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"UDP Query User{6BFC8961-B66C-448B-A386-D2711DAD3F8E}D:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe | 
"UDP Query User{6F8D7D33-BB2E-43AF-9EB7-78A31A730F84}D:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda32.exe | 
"UDP Query User{754B791C-B261-480B-BB01-BA4C1B61240F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{75A82D63-B8F8-4864-9DBE-C5D49C0F5B6F}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{77F178E9-7F82-4A13-8AF8-A095BEE98647}D:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | 
"UDP Query User{7D4A438A-C3B6-4F0C-96B5-F7EBE8EE5269}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{9F67A858-1B46-40FF-A177-5644B9722743}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{A42BE327-CDD0-4CF2-932E-356772662B06}D:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe | 
"UDP Query User{A64C5229-7FB5-4CE1-8195-3AC35BA862DC}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe | 
"UDP Query User{B24D4E91-4F53-4907-AC68-B2425814FE4A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B53B1BF0-FE3B-4FF5-97CF-CC741FF732D5}D:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe | 
"UDP Query User{B64C4508-09A2-4F21-B0E5-0FAC1415C2CD}D:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | 
"UDP Query User{BB0828FB-6627-4813-BACC-AC651D691F8C}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{BC3D18CC-DD7F-4E7E-ABDD-938A10B002DD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C673AFC7-5A7D-45C8-9739-6D02E85CEF53}D:\miranda im\miranda alt\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda alt\miranda32.exe | 
"UDP Query User{C7BAD277-6407-4BEE-A7FE-4B87CD00FBC1}D:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | 
"UDP Query User{CD7C9105-9C69-4F70-A287-6EDC8EC445F6}D:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe | 
"UDP Query User{D7BEEB7A-1829-4A3C-BAF4-04DE74ED55BF}D:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda32.exe | 
"UDP Query User{EE573A79-27BE-41A7-9375-5F2A9F8F830D}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{F92D07A5-953B-46D4-AE25-66EDFFC6099A}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe | 
"UDP Query User{F9BD23FC-06DC-413C-B143-5E9A32B2790F}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}" = D-Link Wireless N Dual Band DWA-160 
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E2F9C65-38BC-4400-A27C-D65A507587D0}" = TubeBox!
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92276389-DD58-4D04-ADB8-64416EE139AD}" = D-Link Wireless N Dual Band DWA-160 
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC14F40D-7C13-4F3A-9F4A-3835D7642036}" = PE585QAEncoder-32
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D761C5D2-E727-415A-BC4E-52642CEA1A1C}" = TubeBox!
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.4
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"RollerCoaster Tycoon Setup" = Roll
"Tiberian Sun" = Command & Conquer Teil 3: Operation Tiberian Sun
"TmNationsForever_is1" = TmNationsForever
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2010 06:21:56 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x01bcb5ed,  Prozess-ID 0x114, Anwendungsstartzeit
 01cb2be333e2ead1.
 
Error - 25.07.2010 06:22:01 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x02cdb5ed,  Prozess-ID 0x650, Anwendungsstartzeit
 01cb2be336528b41.
 
Error - 25.07.2010 06:22:06 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0201b5ed,  Prozess-ID 0x17c0, Anwendungsstartzeit
 01cb2be339788361.
 
Error - 25.07.2010 06:22:10 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x019cb5ed,  Prozess-ID 0x1f4, Anwendungsstartzeit
 01cb2be33c9d9121.
 
Error - 25.07.2010 06:22:15 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0208b5ed,  Prozess-ID 0x1560, Anwendungsstartzeit
 01cb2be33f067ad1.
 
Error - 25.07.2010 06:29:53 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000080,  Prozess-ID 0xb98, Anwendungsstartzeit
 01cb2bd002829b61.
 
Error - 25.07.2010 11:50:37 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0056b5ed,  Prozess-ID 0x17d0, Anwendungsstartzeit
 01cb2c111ef31b50.
 
Error - 25.07.2010 11:50:45 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x020cb5ed,  Prozess-ID 0x1408, Anwendungsstartzeit
 01cb2c1122ddc300.
 
Error - 26.07.2010 00:11:47 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0153b5ed,  Prozess-ID 0x1dc, Anwendungsstartzeit
 01cb2c78a963e528.
 
Error - 26.07.2010 11:51:50 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.08.2010 11:54:26 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 09.08.2010 11:54:39 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 09.08.2010 11:54:51 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 09.08.2010 11:55:04 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 09.08.2010 11:55:17 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 09.08.2010 11:55:30 | Computer Name = Chris-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 10.08.2010 14:25:59 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.08.2010 14:43:57 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2010 13:22:19 | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.08.2010 um 19:19:41 unerwartet heruntergefahren.
 
Error - 11.08.2010 13:22:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

Unfortunately GMER causes a system crash on my machine, so I cannot attach the log file.

I would be grateful for your help on how to proceed. I hope the problem can also be fixed without reinstalling the system.

By the way: I have already requested new bank login credentials. In future the TAN will be delivered via mobile phone, which should be secure.

Regards, Lucajoel

Alt 11.08.2010, 20:11   #2
Larusso
/// Selecta Jahrusso
 

A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions completely and carefully first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, as that makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools via right-click "Run as administrator".

Step 1

Please try to start GMER in Safe Mode. On the right, untick EAT/IAT and Sections.

Post the log file for me if possible

Alt 11.08.2010, 21:10   #3
Lucajoel
 

Hello Larusso,

thank you very much for your quick reply. GMER worked in Safe Mode. Sorry, I forgot to untick EAT/IAT.

Here is the log file

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-11 22:03:04
Windows 6.0.6002 Service Pack 2
Running: zgy1mt84.exe; Driver: C:\Users\Chris\AppData\Local\Temp\fwrcqpod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                             [749B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                              [74A0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                          [749BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                    [749AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                              [749B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                           [749AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                               [749E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                  [749BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                          [749AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                           [749AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                            [749A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                    [74A3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                       [749DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                          [749AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                    [749A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                   [749A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                      [749B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                       [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                           [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                     [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT  C:\Windows\Explorer.EXE[1360] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                       [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41F58EEE-B3F0-FE91-D928-4ABBEE06FB98}                   
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41F58EEE-B3F0-FE91-D928-4ABBEE06FB98}@hadlflniapjdolkk  0x6B 0x61 0x68 0x6E ...

---- EOF - GMER 1.0.15 ----
         

Alt 12.08.2010, 20:22   #4
Larusso
/// Selecta Jahrusso
 

OK, that looks fine


Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt and Extra.txt here into your thread
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 12.08.2010, 21:21   #5
Lucajoel
 

I only get the OTL.txt. The tick I set at "Extra Registry" (Use SafeList) is cleared automatically after clicking "Quick Scan".

Code:
OTL logfile created on: 12.08.2010 22:14:43 - Run 4
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 85,68 Gb Free Space | 60,27% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 61,19 Gb Free Space | 42,81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\ANIWConnService.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ANIWConnService) -- C:\Windows\System32\ANIWConnService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (arusb_lh) -- C:\Windows\System32\drivers\dwarusb_lh.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 08:52:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.10 20:44:02 | 000,000,000 | ---D | M]
 
[2009.02.02 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.08.11 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions
[2010.07.05 18:42:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.10 17:19:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.10 18:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.03.14 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\firefox@tvunetworks.com
[2010.03.09 00:26:52 | 000,001,819 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\4sb65u9t.default\searchplugins\bing.xml
[2010.07.14 20:34:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.14 20:34:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.07.22 12:12:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.22 12:12:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 12:12:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 12:12:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 12:12:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: treubau-gruppe.de ([owa] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.11 19:31:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.10 17:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.08.10 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.08.10 17:03:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.10 17:03:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.10 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.10 17:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.10 13:32:48 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.08.10 13:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.07.21 06:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.14 20:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.14 20:34:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.06.17 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Zyasy
[2008.10.28 12:31:49 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.12 22:14:41 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.12 22:14:41 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.12 22:14:41 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.12 22:14:41 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.12 22:14:41 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.12 22:14:30 | 002,359,296 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.08.12 22:14:05 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.12 22:14:05 | 000,003,284 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.12 22:06:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.12 21:56:40 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.12 21:56:31 | 000,000,006 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.12 21:56:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.12 14:38:58 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 14:38:58 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 08:40:59 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.ini
[2010.08.12 08:40:57 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bak
[2010.08.12 03:22:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.08.12 03:22:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.12 03:22:08 | 000,293,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 03:20:23 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.12 03:20:23 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.12 03:19:56 | 001,893,957 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.08.12 03:19:50 | 000,012,850 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bk!
[2010.08.11 23:54:49 | 000,080,384 | ---- | M] () -- C:\Users\Chris\Desktop\MBRCheck.exe
[2010.08.11 22:05:23 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bko
[2010.08.11 19:31:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.11 19:21:43 | 204,353,644 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:17:00 | 000,293,376 | ---- | M] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.08.05 15:45:29 | 000,000,282 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANICONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.08.05 15:45:24 | 000,000,121 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIOIDCONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.07.25 12:30:25 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.25 12:29:52 | 000,040,448 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.24 14:10:26 | 000,012,862 | ---- | M] () -- C:\Windows\EPISMG00.SWB
 
========== Files Created - No Company Name ==========
 
[2010.08.11 23:54:48 | 000,080,384 | ---- | C] () -- C:\Users\Chris\Desktop\MBRCheck.exe
[2010.08.11 19:21:43 | 204,353,644 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:16:58 | 000,293,376 | ---- | C] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.07.24 14:10:26 | 000,012,862 | ---- | C] () -- C:\Windows\EPISMG00.SWB
[2010.01.15 21:03:01 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2010.01.15 21:02:51 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2010.01.15 21:02:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2010.01.15 21:02:51 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2010.01.15 21:02:28 | 000,724,992 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2010.01.15 20:53:30 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2009.09.24 05:45:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.19 20:37:58 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.02 23:08:21 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009.02.02 19:04:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.10.28 04:18:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.10.28 04:31:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acer GameZone Console
[2010.08.10 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ahfer
[2010.04.11 20:27:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AnvSoft
[2010.04.11 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\avidemux
[2010.07.25 08:52:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2009.02.02 18:50:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eSobi
[2009.08.05 12:20:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2010.08.08 16:56:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Imycmi
[2009.08.23 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Miranda
[2009.04.10 09:05:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PeerNetworking
[2009.10.08 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TubeBox
[2010.07.30 21:18:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Urkayk
[2010.07.31 00:42:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Zyasy
[2010.08.12 03:20:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.08.12 03:21:17 | 000,062,044 | ---- | M] () -- C:\aaw7boot.log
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.10.28 12:32:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009.02.02 18:59:55 | 000,000,090 | ---- | M] () -- C:\CLMS.log
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009.02.02 19:01:12 | 000,000,090 | ---- | M] () -- C:\Creator.log
[2009.02.02 18:58:40 | 000,000,090 | ---- | M] () -- C:\MDisc.log
[2009.02.02 18:59:09 | 000,000,090 | ---- | M] () -- C:\MDR.log
[2010.08.12 03:21:17 | 2460,491,776 | -HS- | M] () -- C:\pagefile.sys
[2009.02.02 19:00:26 | 000,000,090 | ---- | M] () -- C:\PnR.log
[2009.02.02 19:00:53 | 000,000,090 | ---- | M] () -- C:\PSD.log
[2006.10.10 15:20:03 | 000,000,791 | ---- | M] () -- C:\RHDSetup.log
[2009.02.02 18:59:31 | 000,000,090 | ---- | M] () -- C:\SDMA.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.12.29 07:42:54 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009.07.10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2010.01.04 13:12:31 | 000,001,642 | -H-- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 01:04:49
< End of report >
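An added example, not part of this thread and not code from OTL or any other tool used here: a small Python triage script that reads OTL's `[date | size | attributes | C/M] -- path` lines from the "LOP Check" and "Created Within 90 Days" sections above and lists the AppData\Roaming folders a helper would ask about, because they match no program that appears anywhere else in the log. The allowlist of known application folders, the 14-day "recently modified" window and the `^[A-Z][a-z]{3,7}$` "generated-looking name" shape are assumptions of mine, not something OTL or this log defines; a hit means "look at what is in that folder and check the files' hashes", not "this is malware". The embedded sample lines are quoted from the log above.

```python
import re
from datetime import datetime, timedelta

# Lines quoted from the OTL "LOP Check" section of the log above.
LOP_CHECK = r"""
[2008.10.28 04:31:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acer GameZone Console
[2010.08.10 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ahfer
[2010.04.11 20:27:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AnvSoft
[2010.07.25 08:52:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2010.08.08 16:56:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Imycmi
[2009.08.23 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Miranda
[2009.10.08 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TubeBox
[2010.07.30 21:18:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Urkayk
[2010.07.31 00:42:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Zyasy
[2010.08.12 03:20:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
"""

# Lines quoted from the "Files/Folders - Created Within 90 Days" section of the same log.
CREATED_90D = r"""
[2010.08.10 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.08.10 17:03:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.17 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Zyasy
"""

# One OTL entry: [timestamp | size | attributes | C(reated)/M(odified)] (company)? -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Assumed allowlist: Roaming folders that belong to software visible elsewhere in this log.
KNOWN_ROAMING = {n.lower() for n in (
    "Acer GameZone Console", "AnvSoft", "avidemux", "Azureus", "eSobi",
    "GetRightToGo", "Miranda", "PeerNetworking", "TubeBox",
    "Microsoft", "Mozilla", "Malwarebytes", "Adobe", "Macromedia", "Sun",
)}
# Assumed heuristic: a single capitalised token with no product name behind it.
GENERATED_SHAPE = re.compile(r"^[A-Z][a-z]{3,7}$")
ROAMING_CHILD = re.compile(r"\\AppData\\Roaming\\([^\\]+)", re.IGNORECASE)


def parse_otl_entries(text):
    """Parse every '[ts | size | attr | C/M] (company) -- path' line into a dict."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, "File not found" notes
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attr"],
            "kind": m["kind"],                         # C = created, M = modified
            "company": (m["company"] or "").strip(),   # "" for "()" and for no field
            "path": m["path"],
        })
    return entries


def triage_roaming_dirs(lop_text, created_text, report_date, recent_days=14):
    """Flag AppData\\Roaming folders in the LOP list that match no known program.

    report_date is the day of the OTL run as 'YYYY-MM-DD'. Every finding carries
    the reasons it was flagged; folders with no reason are not reported.
    """
    report = datetime.strptime(report_date, "%Y-%m-%d")
    created_at = {e["path"].lower(): e["time"]
                  for e in parse_otl_entries(created_text) if e["kind"] == "C"}
    findings = []
    for e in parse_otl_entries(lop_text):
        m = ROAMING_CHILD.search(e["path"])
        if not (m and e["is_dir"]):
            continue
        name = m.group(1)
        if name.lower() in KNOWN_ROAMING:
            continue
        reasons = []
        if GENERATED_SHAPE.match(name):
            reasons.append("name matches no installed program and looks generated")
        if report - e["time"] <= timedelta(days=recent_days):
            reasons.append(f"modified {e['time']:%Y-%m-%d}, within {recent_days} days of the report")
        ctime = created_at.get(e["path"].lower())
        if ctime is not None:
            reasons.append(f"created {ctime:%Y-%m-%d}, inside OTL's 90-day window")
        if reasons:
            findings.append({"name": name, "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_roaming_dirs(LOP_CHECK, CREATED_90D, "2010-08-12"):
        print(f["path"])
        for r in f["reasons"]:
            print("   -", r)
```

Run as-is it prints the four Roaming folders from this log that match no installed program (Ahfer, Imycmi, Urkayk, Zyasy), each with the reasons it was picked. The script stops there on purpose: the log does not say what those folders contain, so the next step on a real case is to list their files and check hashes, not to guess from names.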
         


12.08.2010, 23:02   #6
Larusso
/// Selecta Jahrusso
 



ComboFix may only be run when a forum expert has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from the link given. You must rename it before saving it to your desktop. Save ComboFix to your desktop.
BleepingComputer
Firefox users: download with a right-click and "Save Target As"
**NB: It is important that ComboFix.exe is saved on the desktop**

  • Disable your anti-virus and anti-spyware programs. Normally you can do this via a right-click on the system tray icon. Otherwise the programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the prompts.
    • When ComboFix is finished, it will create a log for you.
    • Please post the contents of C:\ComboFix.txt here in the thread.

13.08.2010, 09:47   #7
Lucajoel
 



Attached is the log from Combo-Fix. I had to restart my PC after it finished, as neither Mozilla nor IE were working any more.

Combofix Logfile:
Code:
ComboFix 10-08-12.03 - Chris 13.08.2010  10:27:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2047.1153 [GMT 2:00]
Running from:: c:\users\Chris\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Files Created From 2010-07-13 to 2010-08-13  ))))))))))))))))))))))))))))))
.

2010-08-13 08:33 . 2010-08-13 08:33	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2010-08-13 08:33 . 2010-08-13 08:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-13 08:33 . 2010-08-13 08:33	--------	d-----w-	c:\users\Bird\AppData\Local\temp
2010-08-11 15:07 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-11 15:07 . 2010-06-29 15:47	834048	----a-w-	c:\windows\system32\wininet.dll
2010-08-11 15:07 . 2010-06-28 16:13	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-08-11 15:07 . 2010-06-11 16:16	274944	----a-w-	c:\windows\system32\schannel.dll
2010-08-11 15:07 . 2010-06-21 13:37	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-08-11 15:07 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-08-11 15:05 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:05 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-11 15:03 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-08-11 15:03 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-11 15:03 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-11 15:03 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-10 16:59 . 2010-07-26 20:30	705208	----a-w-	c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-10 16:59 . 2010-07-26 20:30	978664	----a-w-	c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-08-10 15:47 . 2010-08-10 18:44	--------	d-----w-	c:\programdata\NOS
2010-08-10 15:03 . 2010-08-10 15:03	--------	d-----w-	c:\users\Chris\AppData\Roaming\Malwarebytes
2010-08-10 15:03 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 15:03 . 2010-08-10 15:03	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-10 15:03 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-10 15:03 . 2010-08-10 15:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-10 11:32 . 2009-06-30 07:37	28552	----a-w-	c:\windows\system32\drivers\pavboot.sys
2010-08-10 11:32 . 2010-08-10 11:32	--------	d-----w-	c:\program files\Panda Security
2010-08-09 10:31 . 2010-08-09 10:31	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-21 04:20 . 2010-07-21 04:20	--------	d-----w-	c:\programdata\WindowsSearch
2010-07-14 18:34 . 2010-07-14 18:34	--------	d-----w-	c:\program files\Common Files\Java
2010-07-14 18:34 . 2010-04-12 15:29	411368	----a-w-	c:\windows\system32\deployJava1.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 20:14 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
2010-08-12 20:14 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
2010-08-12 01:01 . 2010-04-11 17:19	--------	d-----w-	c:\program files\Movie Maker 2.6
2010-08-11 15:49 . 2009-12-12 10:49	--------	d-----w-	c:\program files\CCleaner
2010-08-10 18:02 . 2009-07-28 03:15	--------	d-----w-	c:\users\Chris\AppData\Roaming\Ahfer
2010-08-10 16:15 . 2010-04-11 17:23	--------	d-----w-	c:\programdata\DivX
2010-08-10 16:15 . 2009-06-30 20:15	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-08-10 16:14 . 2009-02-27 15:29	--------	d-----w-	c:\program files\DivX
2010-08-08 14:56 . 2009-07-01 22:01	--------	d-----w-	c:\users\Chris\AppData\Roaming\Imycmi
2010-07-30 23:34 . 2009-04-10 12:29	--------	d-----w-	c:\programdata\TrackMania
2010-07-30 22:42 . 2010-06-17 13:17	--------	d-----w-	c:\users\Chris\AppData\Roaming\Zyasy
2010-07-30 19:18 . 2009-03-19 17:01	--------	d-----w-	c:\users\Chris\AppData\Roaming\Urkayk
2010-07-25 06:52 . 2009-02-17 18:44	--------	d-----w-	c:\users\Chris\AppData\Roaming\Azureus
2010-07-14 18:34 . 2009-02-17 18:43	--------	d-----w-	c:\program files\Java
2010-05-31 03:47 . 2010-05-31 03:47	501872	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbEB4B.tmp.exe
2010-05-26 17:06 . 2010-06-09 19:49	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 19:49	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 15:54	221568	------w-	c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-02-02 16:38	157168	----a-w-	c:\programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6707744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"WinampAgent"="d:\winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"D-Link D-Link Wireless N Dual Band DWA-160 "="c:\program files\D-Link\DWA-160\AirNCFG.exe" [2009-05-19 1683456]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - c:\program files\Power Strip\PStrip.exe [2008-11-19 737312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):60,d7,5b,34,b6,88,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 arusb_lh;D-Link DWA-160 device driver;c:\windows\system32\DRIVERS\dwarusb_lh.sys [2008-11-25 452096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
S1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-02-26 147456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]

.
Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 04:58]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 04:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\Office10\EXCEL.EXE/3000
Trusted Zone: treubau-gruppe.de\owa
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Removed orphaned registry entries - - - -

HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-13 10:33
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes... 

Scanning hidden autostart entries... 

Scanning hidden files... 

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-3919667963-1840100510-3150002934-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41F58EEE-B3F0-FE91-D928-4ABBEE06FB98}*]
"hadlflniapjdolkk"=hex:6b,61,68,6e,61,70,65,6a,63,6a,69,6d,6d,6b,6f,6b,70,6a,
   69,68,6c,65,00,00
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(5948)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Power Strip\pshook.dll
.
Completion time: 2010-08-13  10:36:45
ComboFix-quarantined-files.txt  2010-08-13 08:36

Before scan: 8 directory(ies), 90.468.007.936 bytes free
After scan: 11 directory(ies), 90.431.442.944 bytes free

- - End Of File - - 7674ADCD8F2E7293F0141BEB03E79B1D
         
--- --- ---

Alt 13.08.2010, 11:40   #8
Larusso
/// Selecta Jahrusso
 

Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!

Delete the existing ComboFix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box in full into the empty text document.
Code:
Folder::
c:\users\Chris\AppData\Roaming\Zyasy
c:\users\Chris\AppData\Roaming\Urkayk
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software; it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.

  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is done, it will create a log, C:\ComboFix.txt. Please post it here as a reply.

If the script contains the directive Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.


Step 2

Please update Malwarebytes and run a Quick Scan


Step 3

ESET Online Scanner
Please switch on any external hard drives during the online scan! Disable all background guards (antivirus program, firewall, script blocking and the like) during the scans and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as Administrator.
  • Disable your antivirus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Remove found threats" and "Scan archives".
  • Press the button.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.


Step 4

Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


In your next reply please post
Combofix.txt
MBAM log
Eset log
checkup.txt
Report how the computer is running
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie
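The script above tells ComboFix to delete two folders under AppData\Roaming (Zyasy, Urkayk), and the same logs list other short, letters-only folder names there (Ahfer, Imycmi in the Find3M section) as well as a locked registry key whose only value is a random-looking name with REG_BINARY data. The following Python helper, an added example that is not part of this thread and not ComboFix's own code, shows how to pull those three things out of a ComboFix log when you have to read many of them: it lists Roaming folders that are not on an allowlist, decodes the `hex:` values ComboFix prints for locked keys (including the wrapped continuation lines), and drafts the `Folder::` block in the CFScript.txt format used in the post. The sample log is constructed from lines copied from this thread (tabs replaced by spaces), and the allowlist holds only the names the thread's own logs tie to installed software; a flagged folder is a candidate for a human to look at, not a verdict.

```python
r"""ComboFix log triage: list unaccounted AppData\Roaming folders, decode
the hex: values ComboFix prints for locked registry keys, and draft the
Folder:: block of a CFScript.txt.

Added example; not part of the forum thread and not ComboFix's own code.
"""
import re

# Constructed sample: lines copied from the ComboFix logs in this thread
# (tabs replaced by spaces).  It is this example's own input.
SAMPLE_LOG = r"""
c:\users\Chris\AppData\Roaming\Urkayk
c:\users\Chris\AppData\Roaming\Zyasy
2010-08-10 16:59 . 2010-07-26 20:30  705208  ----a-w-  c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-10 15:03 . 2010-08-10 15:03  --------  d-----w-  c:\users\Chris\AppData\Roaming\Malwarebytes
2010-08-10 18:02 . 2009-07-28 03:15  --------  d-----w-  c:\users\Chris\AppData\Roaming\Ahfer
2010-08-08 14:56 . 2009-07-01 22:01  --------  d-----w-  c:\users\Chris\AppData\Roaming\Imycmi
2010-07-25 06:52 . 2009-02-17 18:44  --------  d-----w-  c:\users\Chris\AppData\Roaming\Azureus
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-3919667963-1840100510-3150002934-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41F58EEE-B3F0-FE91-D928-4ABBEE06FB98}*]
"hadlflniapjdolkk"=hex:6b,61,68,6e,61,70,65,6a,63,6a,69,6d,6d,6b,6f,6b,70,6a,
   69,68,6c,65,00,00
.
"""

# Path up to the first folder below Roaming, and that folder's name.
ROAMING = re.compile(r"(?i)(c:\\users\\[^\\\s]+\\AppData\\Roaming\\([^\\\s]+))")
# "name"=hex:aa,bb,...  and the wrapped continuation lines ComboFix emits.
HEX_VALUE = re.compile(r'^"([^"]+)"=hex:(.*)$')
HEX_BYTES = re.compile(r"^[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*,?$")

# Assumed allowlist: Roaming folders the thread's own logs tie to installed
# software.  Extend it for the machine under review.
KNOWN_ROAMING = {"mozilla", "malwarebytes", "azureus", "microsoft"}


def roaming_dirs(log_text):
    """Map each top-level Roaming folder named anywhere in the log to its path."""
    found = {}
    for m in ROAMING.finditer(log_text):
        found.setdefault(m.group(2), m.group(1))
    return found


def unaccounted(log_text, known=KNOWN_ROAMING):
    """Roaming folders not on the allowlist, sorted by name.  Candidates
    for review only: a human still has to look at each one."""
    return sorted((name, path) for name, path in roaming_dirs(log_text).items()
                  if name.lower() not in known)


def decode_hex_values(log_text):
    """Collect "name"=hex:.. (REG_BINARY) values into a dict name -> bytes,
    joining the indented continuation lines that follow the first one."""
    values, name, buf = {}, None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEX_VALUE.match(line)
        if m:
            if name is not None:
                values[name] = bytes(buf)
            name, buf, line = m.group(1), [], m.group(2).strip()
        elif name is None or not HEX_BYTES.match(line):
            if name is not None:          # value ended on the previous line
                values[name] = bytes(buf)
            name, buf = None, []
            continue
        buf.extend(int(b, 16) for b in line.rstrip(",").split(",") if b)
    if name is not None:
        values[name] = bytes(buf)
    return values


def as_text(data):
    """The value as ASCII text if that is all it contains (trailing NULs
    dropped); None for anything binary."""
    body = data.rstrip(b"\x00")
    if body and all(32 <= c < 127 for c in body):
        return body.decode("ascii")
    return None


def build_cfscript(folders):
    """Draft the Folder:: section of a CFScript.txt, one path per line, in
    the form the post above uses.  Review it before handing it out."""
    return "Folder::\n" + "".join(path + "\n" for path in folders)


if __name__ == "__main__":
    flagged = unaccounted(SAMPLE_LOG)
    for name, path in flagged:
        print("unaccounted Roaming folder:", path)
    for name, data in decode_hex_values(SAMPLE_LOG).items():
        print(f"locked value {name!r}: {len(data)} bytes -> {as_text(data)!r}")
    print(build_cfscript(path for _, path in flagged))
```

On the sample the locked value decodes to 22 lowercase letters followed by two NUL bytes, which is what the hex on the page contains; whether that, or a flagged folder, means anything is still the helper's call.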

Alt 13.08.2010, 15:23   #9
Lucajoel
 

Here are the log files

Step 1:

Code:
ComboFix 10-08-12.03 - Chris 13.08.2010  13:39:44.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2047.1081 [GMT 2:00]
run from:: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Other deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Chris\AppData\Roaming\Urkayk
c:\users\Chris\AppData\Roaming\Zyasy

.
(((((((((((((((((((((((   Files created from 2010-07-13 to 2010-08-13  ))))))))))))))))))))))))))))))
.

2010-08-13 11:46 . 2010-08-13 11:46	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2010-08-13 11:46 . 2010-08-13 11:46	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-13 11:46 . 2010-08-13 11:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-13 11:46 . 2010-08-13 11:46	--------	d-----w-	c:\users\Bird\AppData\Local\temp
2010-08-13 11:35 . 2010-08-13 11:35	--------	d-----w-	c:\program files\ESET
2010-08-11 15:07 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-11 15:07 . 2010-06-29 15:47	834048	----a-w-	c:\windows\system32\wininet.dll
2010-08-11 15:07 . 2010-06-28 16:13	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-08-11 15:07 . 2010-06-11 16:16	274944	----a-w-	c:\windows\system32\schannel.dll
2010-08-11 15:07 . 2010-06-21 13:37	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-08-11 15:07 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-08-11 15:05 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:05 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-11 15:03 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-08-11 15:03 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-11 15:03 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-11 15:03 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-10 16:59 . 2010-07-26 20:30	705208	----a-w-	c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-10 16:59 . 2010-07-26 20:30	978664	----a-w-	c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-08-10 15:47 . 2010-08-10 18:44	--------	d-----w-	c:\programdata\NOS
2010-08-10 15:03 . 2010-08-10 15:03	--------	d-----w-	c:\users\Chris\AppData\Roaming\Malwarebytes
2010-08-10 15:03 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 15:03 . 2010-08-10 15:03	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-10 15:03 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-10 15:03 . 2010-08-10 15:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-10 11:32 . 2009-06-30 07:37	28552	----a-w-	c:\windows\system32\drivers\pavboot.sys
2010-08-10 11:32 . 2010-08-10 11:32	--------	d-----w-	c:\program files\Panda Security
2010-08-09 10:31 . 2010-08-09 10:31	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-21 04:20 . 2010-07-21 04:20	--------	d-----w-	c:\programdata\WindowsSearch
2010-07-14 18:34 . 2010-07-14 18:34	--------	d-----w-	c:\program files\Common Files\Java
2010-07-14 18:34 . 2010-04-12 15:29	411368	----a-w-	c:\windows\system32\deployJava1.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 20:14 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
2010-08-12 20:14 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
2010-08-12 01:01 . 2010-04-11 17:19	--------	d-----w-	c:\program files\Movie Maker 2.6
2010-08-11 15:49 . 2009-12-12 10:49	--------	d-----w-	c:\program files\CCleaner
2010-08-10 18:02 . 2009-07-28 03:15	--------	d-----w-	c:\users\Chris\AppData\Roaming\Ahfer
2010-08-10 16:15 . 2010-04-11 17:23	--------	d-----w-	c:\programdata\DivX
2010-08-10 16:15 . 2009-06-30 20:15	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-08-10 16:14 . 2009-02-27 15:29	--------	d-----w-	c:\program files\DivX
2010-08-08 14:56 . 2009-07-01 22:01	--------	d-----w-	c:\users\Chris\AppData\Roaming\Imycmi
2010-07-30 23:34 . 2009-04-10 12:29	--------	d-----w-	c:\programdata\TrackMania
2010-07-25 06:52 . 2009-02-17 18:44	--------	d-----w-	c:\users\Chris\AppData\Roaming\Azureus
2010-07-14 18:34 . 2009-02-17 18:43	--------	d-----w-	c:\program files\Java
2010-05-31 03:47 . 2010-05-31 03:47	501872	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbEB4B.tmp.exe
2010-05-26 17:06 . 2010-06-09 19:49	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 19:49	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 15:54	221568	------w-	c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-02-02 16:38	157168	----a-w-	c:\programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6707744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"WinampAgent"="d:\winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"D-Link D-Link Wireless N Dual Band DWA-160 "="c:\program files\D-Link\DWA-160\AirNCFG.exe" [2009-05-19 1683456]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - c:\program files\Power Strip\PStrip.exe [2008-11-19 737312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):60,d7,5b,34,b6,88,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 arusb_lh;D-Link DWA-160 device driver;c:\windows\system32\DRIVERS\dwarusb_lh.sys [2008-11-25 452096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
S1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-02-26 147456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]

.
Contents of the "Scheduled Tasks" folder

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 04:58]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 04:58]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\Office10\EXCEL.EXE/3000
Trusted Zone: treubau-gruppe.de\owa
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4sb65u9t.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-13 13:46
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes... 

Scanning hidden autostart entries... 

Scanning hidden files... 

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-3919667963-1840100510-3150002934-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41F58EEE-B3F0-FE91-D928-4ABBEE06FB98}*]
"hadlflniapjdolkk"=hex:6b,61,68,6e,61,70,65,6a,63,6a,69,6d,6d,6b,6f,6b,70,6a,
   69,68,6c,65,00,00
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(2464)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2010-08-13  13:49:12
ComboFix-quarantined-files.txt  2010-08-13 11:49

Before scan: 10 directory(ies), 90.335.154.176 bytes free
After scan: 11 directory(ies), 90.306.215.936 bytes free

- - End Of File - - 3130D1FD92CEA3388FCF838657A0F4BB
         
Step 2:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4424

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.08.2010 14:00:30
mbam-log-2010-08-13 (14-00-30).txt

Scan type: Quick scan
Objects scanned: 144448
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         

Step 3:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=06978120c02ffe4f9c6040443f7c6ee4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-13 02:12:00
# local_time=2010-08-13 04:12:00 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 236475 57216515 50967 0
# compatibility_mode=5892 16776573 100 100 14413 119233936 0 0
# compatibility_mode=8192 67108863 100 0 1899 1899 0 0
# scanned=124322
# found=0
# cleaned=0
# scan_time=7512
         

Step 4:

Code:
 Results of screen317's Security Check version 0.99.5  
 Windows Vista Service Pack 2 (UAC is enabled) 
 Internet Explorer 7 Out of date! 
`````````````````````````````` 
Antivirus/Firewall Check: 
 Avira AntiVir Personal - Free Antivirus 
 ESET Online Scanner v3   
 WMI entry may not exist for antivirus; attempting automatic update. 
 Avira successfully updated! 
``````````````````````````````` 
Anti-malware/Other Utilities Check: 
 Ad-Aware 
 Malwarebytes' Anti-Malware    
 CCleaner     
 Java(TM) 6 Update 20  
 Out of date Java installed! 
 Adobe Flash Player 10.1.82.76  
Adobe Reader 8.1.4 - Deutsch 
Out of date Adobe Reader installed! 
```````````````````````````````` 
Process Check:  
objlist.exe by Laurent 
 Windows Defender MSASCui.exe 
 Ad-Aware AAWService.exe 
 Ad-Aware AAWTray.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Windows Defender MSASCui.exe   
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning) 

``````````End of Log````````````
         
In my opinion the computer is still running as stably as before. I can't see any noticeable changes at this point.

Alt 14.08.2010, 23:36   #10
Larusso
/// Selecta Jahrusso
 

Sorry for the delay.

Step 1

Your Java version is out of date. Since some malware (e.g. Vundo) gets into the system through Java exploits, Java must be updated and old versions must be removed from the system, because the old versions are a security risk. Download JavaRa by prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).
  • Close all browser windows.
  • Double-click JavaRa.exe to start the program.
  • Select the language, choose English and click "Select".
  • Click Additional Tasks, tick Remove Useless JRE Files and Remove Sun Download Manager.
  • Click Go and then OK each time, and close the "Additional Tasks" window again.
  • Click Remove Older Versions to remove old Java versions that are installed on the computer.
  • Click Yes when prompted. When JavaRa is done, a note appears that a log file has been created; click OK.
  • The log file opens in the editor; please save it and post it here later.
  • Check in Control Panel => Programs whether any Java versions are still present and uninstall them.
  • Restart the computer.
Now download Java (Java Runtime Environment (JRE) 6 Update XX) from Oracle and install it. Before downloading you have to accept the license terms by ticking "Accept License Agreement". Tick the advanced options and deselect any sponsor program (toolbar or similar).


Step 2

Please download Internet Explorer 8 from here and install it.
Even if it is not your default browser, the current version should be on the computer. There is still plenty of software that uses it for updating.


Step 3

Please uninstall your current version of Adobe Reader
Start--> Control Panel--> Software--> Adobe Reader
and download the new version from here.
Untick the checkbox for McAfee SecurityScan.
As an alternative I would recommend the leaner Foxit Reader.


Step 4

Please start OTL.exe.
Under
Extra Registry select Use Safe List and click the Scan button.


In your next reply please post
OTL.txt
Extras.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie
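The point of Step 1 above is that installing a current Java is not enough: every older JRE that stays listed under Programs is still there to be exploited, which is why the post has the older versions removed and then checked for by hand. The following Python script, an added example that is not part of this thread and not JavaRa's or SecurityCheck's code, does that check mechanically: it reads the Uninstall keys on Windows, groups the entries into product families (Java, Adobe Reader, Flash Player), keeps the newest version of each family and reports the rest as stale. Off Windows it runs on a constructed sample that mirrors what SecurityCheck reported in this thread (Java 6 Update 20, Adobe Reader 8.1.4, Flash 10.1.82.76) plus one hypothetical leftover JRE so a duplicate is actually caught; the family regexes and the `6.0.200`-style version strings are this example's assumptions about how those installers name their entries.

```python
"""Report stale side-by-side installs (older JREs, older Adobe Reader) from
the Windows Uninstall registry keys.

Added example; not part of the forum thread, JavaRa or SecurityCheck.
"""
import re
import sys

# Product families: (label, regex on DisplayName).  The regexes are this
# example's assumption about how the vendors name their uninstall entries.
FAMILIES = [
    ("Java Runtime", re.compile(r"^(Java(\(TM\))?\s*\d|J2SE Runtime)", re.I)),
    ("Adobe Reader", re.compile(r"^Adobe Reader\b", re.I)),
    ("Adobe Flash Player", re.compile(r"^Adobe Flash Player\b", re.I)),
]

# Constructed sample of (DisplayName, DisplayVersion) pairs, used when the
# script is not running on Windows.  The first, third and fourth mirror what
# SecurityCheck reported in this thread; the second is a hypothetical
# leftover JRE.  Java 6 Update 20 writes its version as 6.0.200 (assumed).
SAMPLE_ENTRIES = [
    ("Java(TM) 6 Update 20", "6.0.200"),
    ("Java(TM) 6 Update 7", "6.0.70"),            # hypothetical leftover
    ("Adobe Reader 8.1.4 - Deutsch", "8.1.4"),
    ("Adobe Flash Player 10 Plugin", "10.1.82.76"),
    ("CCleaner", "2.34"),                         # not in any family: ignored
]


def version_key(version):
    """'6.0.200' -> (6, 0, 200) so versions compare numerically, not as
    strings; non-numeric pieces sort lowest."""
    return tuple(int(p) if p.isdigit() else -1
                 for p in re.split(r"[.\-_ ]", version or ""))


def classify(entries):
    """Group entries by family, each group sorted newest version first."""
    groups = {}
    for name, version in entries:
        for label, pattern in FAMILIES:
            if pattern.search(name):
                groups.setdefault(label, []).append((name, version))
                break
    for members in groups.values():
        members.sort(key=lambda e: version_key(e[1]), reverse=True)
    return groups


def stale_installs(entries):
    """Everything except the newest version of each family, as
    (family, DisplayName, DisplayVersion) tuples."""
    stale = []
    for label, members in classify(entries).items():
        for name, version in members[1:]:
            stale.append((label, name, version))
    return stale


def installed_entries():
    """(DisplayName, DisplayVersion) from the Uninstall keys on Windows;
    the constructed sample elsewhere so the logic can be exercised offline."""
    if sys.platform != "win32":
        return list(SAMPLE_ENTRIES)
    import winreg
    roots = [
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ]
    found = []
    for hive, path in roots:
        try:
            root = winreg.OpenKey(hive, path)
        except OSError:
            continue                       # hive/path absent on this machine
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                        name = winreg.QueryValueEx(sub, "DisplayName")[0]
                        try:
                            version = winreg.QueryValueEx(sub, "DisplayVersion")[0]
                        except OSError:
                            version = ""
                        found.append((name, version))
                except OSError:
                    continue               # entry without DisplayName
    return found


if __name__ == "__main__":
    entries = installed_entries()
    for label, members in classify(entries).items():
        print(f"{label}: newest is {members[0][0]} ({members[0][1]})")
    for label, name, version in stale_installs(entries):
        print(f"STALE {label}: {name} ({version}) - uninstall it")
```

The output names the newest entry per family and then each older one to remove; it does not uninstall anything itself, which keeps it safe to run on a machine you are only inspecting.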

Alt 15.08.2010, 11:03   #11
Lucajoel
 

Thank you for your reply.

Step 1:

The outdated Java version was removed and replaced with the current one. Although a log file was announced at the end of JavaRa, none opened. I couldn't find the file with the search function either. I ran the program twice, but no log was shown to me.

I manually deleted Java TM 6.xx, the only program still to be found under Software. It was replaced by the current one (as described above).

Step 2:

done

Step 3:

I have parted with Adobe Reader and replaced it with Foxit Reader.

done

Step 4: OTL.txt

Code:
OTL logfile created on: 15.08.2010 11:33:02 - Run 5
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 83,39 Gb Free Space | 58,66% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 58,60 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\ANIWConnService.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
PRC - D:\Winamp\winampa.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ANIWConnService) -- C:\Windows\System32\ANIWConnService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Chris\AppData\Local\Temp\catchme.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (arusb_lh) -- C:\Windows\System32\drivers\dwarusb_lh.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 08:52:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 11:10:14 | 000,000,000 | ---D | M]
 
[2009.02.02 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.08.15 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions
[2010.07.05 18:42:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.10 17:19:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.10 18:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.03.14 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\firefox@tvunetworks.com
[2010.08.15 10:48:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\toolbar@ask.com
[2010.03.09 00:26:52 | 000,001,819 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\4sb65u9t.default\searchplugins\bing.xml
[2010.08.15 10:56:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 10:56:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.15 10:56:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.15 09:34:59 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv522.dll
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.07.22 12:12:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.22 12:12:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 12:12:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 12:12:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 12:12:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: treubau-gruppe.de ([owa] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.15 11:03:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.15 11:03:39 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.15 11:03:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.15 11:03:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.15 11:03:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.15 11:03:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.15 11:03:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.15 11:03:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.15 11:03:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.15 11:03:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.15 11:03:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.15 11:03:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.15 11:03:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.15 11:03:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.15 11:03:35 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.15 10:59:14 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.08.15 10:59:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.08.15 10:59:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.08.15 10:59:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.08.15 10:59:13 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.08.15 10:59:13 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.08.15 10:59:13 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.08.15 10:59:13 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.08.15 10:59:12 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.08.15 10:59:12 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.08.15 10:59:12 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.08.15 10:59:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.08.15 10:59:11 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.08.15 10:59:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.08.15 10:59:11 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.08.15 10:59:10 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.15 10:59:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.08.15 10:59:09 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.15 10:59:09 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.15 10:59:09 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.08.15 10:59:07 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.08.15 10:59:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.08.15 10:59:07 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.08.15 10:59:07 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.08.15 10:59:07 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.08.15 10:59:07 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.08.15 10:59:07 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.08.15 10:57:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.08.15 10:56:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.15 10:56:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.15 10:56:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.15 10:56:11 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.08.15 10:51:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\JavaRa
[2010.08.15 10:16:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Foxit Software
[2010.08.15 09:35:44 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2010.08.15 09:35:31 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2010.08.15 09:34:34 | 007,019,008 | ---- | C] (Foxit Software Company) -- C:\Users\Chris\Desktop\FoxitReader411_enu_Setup.exe
[2010.08.15 09:32:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.15 09:29:22 | 014,938,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Chris\Desktop\IE8-WindowsVista-x86-DEU.exe
[2010.08.15 09:27:55 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Chris\Desktop\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.13 21:09:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Flatcast
[2010.08.13 13:49:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.13 13:49:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2010.08.13 13:48:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.13 13:37:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.13 13:35:09 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.13 10:26:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.13 10:26:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.13 10:26:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.13 10:26:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.13 10:25:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.11 19:31:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.11 17:07:35 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 17:07:05 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 17:07:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 17:05:34 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 17:05:33 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.08.10 17:03:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.10 17:03:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.10 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.10 17:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.10 13:32:48 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.08.10 13:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.07.21 06:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2008.10.28 12:31:49 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.15 11:30:41 | 002,359,296 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.08.15 11:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.15 11:10:56 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.ini
[2010.08.15 11:10:56 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.15 11:10:56 | 000,003,284 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.15 11:10:40 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bak
[2010.08.15 11:10:37 | 000,000,006 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.15 11:10:11 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.15 11:07:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.08.15 11:07:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 11:07:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 11:07:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.15 11:07:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.15 11:06:05 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 11:06:05 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.15 11:05:14 | 003,112,303 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.08.15 11:05:05 | 000,012,850 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bk!
[2010.08.15 10:56:15 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.08.15 10:56:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.15 10:56:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.15 10:56:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.15 09:43:09 | 000,227,179 | ---- | M] () -- C:\Users\Chris\Desktop\Unbenannt.jpg
[2010.08.15 09:34:48 | 007,019,008 | ---- | M] (Foxit Software Company) -- C:\Users\Chris\Desktop\FoxitReader411_enu_Setup.exe
[2010.08.15 09:29:44 | 014,938,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\Desktop\IE8-WindowsVista-x86-DEU.exe
[2010.08.15 09:28:07 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Chris\Desktop\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.13 21:10:13 | 000,001,207 | ---- | M] () -- C:\Windows\unins000.dat
[2010.08.13 21:10:10 | 000,695,578 | ---- | M] () -- C:\Windows\unins000.exe
[2010.08.13 13:52:04 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bko
[2010.08.13 13:46:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.13 13:35:18 | 000,869,051 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2010.08.13 13:34:23 | 002,672,312 | ---- | M] () -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2010.08.13 13:20:05 | 003,816,958 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2010.08.12 22:14:41 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.12 22:14:41 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.12 22:14:41 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.12 22:14:41 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.12 22:14:41 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.12 03:22:08 | 000,293,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.11 23:54:49 | 000,080,384 | ---- | M] () -- C:\Users\Chris\Desktop\MBRCheck.exe
[2010.08.11 19:31:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.11 19:21:43 | 204,353,644 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:17:00 | 000,293,376 | ---- | M] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.08.05 15:45:29 | 000,000,282 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANICONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.08.05 15:45:24 | 000,000,121 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIOIDCONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.07.25 12:30:25 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.25 12:29:52 | 000,040,448 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.24 14:10:26 | 000,012,862 | ---- | M] () -- C:\Windows\EPISMG00.SWB
 
========== Files Created - No Company Name ==========
 
[2010.08.15 11:02:06 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.08.15 09:43:09 | 000,227,179 | ---- | C] () -- C:\Users\Chris\Desktop\Unbenannt.jpg
[2010.08.13 21:09:02 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2010.08.13 21:09:02 | 000,001,207 | ---- | C] () -- C:\Windows\unins000.dat
[2010.08.13 13:34:57 | 000,869,051 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2010.08.13 13:34:20 | 002,672,312 | ---- | C] () -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2010.08.13 13:19:54 | 003,816,958 | R--- | C] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2010.08.13 10:26:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.13 10:26:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.13 10:26:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.13 10:26:45 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.13 10:26:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.11 23:54:48 | 000,080,384 | ---- | C] () -- C:\Users\Chris\Desktop\MBRCheck.exe
[2010.08.11 19:21:43 | 204,353,644 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:16:58 | 000,293,376 | ---- | C] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.07.24 14:10:26 | 000,012,862 | ---- | C] () -- C:\Windows\EPISMG00.SWB
[2010.01.15 21:03:01 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2010.01.15 21:02:51 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2010.01.15 21:02:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2010.01.15 21:02:51 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2010.01.15 21:02:28 | 000,724,992 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2010.01.15 20:53:30 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2009.09.24 05:45:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.19 20:37:58 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.02 23:08:21 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009.02.02 19:04:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.10.28 04:18:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 15.08.2010 11:33:02 - Run 5
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 83,39 Gb Free Space | 58,66% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 58,60 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01202F56-BFCD-4119-8DED-93C79D345CCD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{03B1F42F-3A86-44E8-BA96-CCA9528E9ECB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0539BCC1-5619-4A2B-AAB6-53CEA4326EBA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2863C0E5-6AA6-4FD0-8634-EC8074CD786A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{303B9833-829A-4443-8487-E2C562B37B71}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{49E6D984-37B6-4BD8-B34C-F6F1E2BFFE1E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C8244BF-7018-404E-9C3F-1DA07E406802}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4F930617-4056-4F2F-A7C4-4F3A3E82DB01}" = rport=445 | protocol=6 | dir=out | app=system | 
"{52749251-141B-43B5-B8BE-9B7A68C32F5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6D45D379-934C-42D4-8EA2-F34BCB06EFE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{792FA573-14E0-4606-A49D-CB0AD56A24AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7E1A018E-143C-40BB-9CB5-322AC4D4ED93}" = lport=139 | protocol=6 | dir=in | app=system | 
"{81F4B982-A58A-4590-A2ED-7FD2E7B13288}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{87278016-2AF7-446B-A8D1-8FEBC05D5B0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C07B478-C5CB-46BD-A89F-35F48A35510D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8FC0A167-1505-4ED7-86E9-AD57F60C7B8D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B6B2D2DC-C325-488F-80C3-C7069A492FDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9936AB1-DAC9-40EC-B3F4-3454EBCE2BCB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DAE3323A-8144-4512-8635-22F1303D0D15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E664FFF8-1090-42BB-A82C-66A020978686}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EB36BD36-44E6-4FC5-AFBC-B0571A9D24E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1664C17B-6F3B-4D2A-8234-F6EEBCE33813}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1717417E-9345-41C8-9E41-453C81BD5999}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{368E7E64-B9F3-4895-941E-EF0172E7D41C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{39FE307D-7C1F-4C21-BF5A-D4816C694FED}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"{3D5B035F-E003-45CD-AD96-14016954783E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3E8B8BA7-3305-438F-9E46-8D8D23AD3398}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{44D23A5C-A8B9-4910-8D54-6114A675812B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"{57AAD4A5-C6E0-4AD0-A25A-CDB95318CE99}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{5F89F8FF-8526-464D-9B28-89C616B0372D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{6E65AC75-4CA4-4AD0-A274-6FF8A64CAF07}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{73E4476F-54FF-45C7-8254-0BF021677B59}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"{79ECD430-582B-46BB-A582-26C091A3FF9A}" = protocol=6 | dir=in | app=c:\program files\jens lorek\tubebox!\tubebox.exe | 
"{885C914C-43B7-416B-961F-E0BC9263789A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{93584CCF-EAE5-4A64-9DF9-CA191EFF64F8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{9A9AEA28-60B1-477D-A276-B7AE37A3EF71}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A3AE6129-E81D-4EF6-92C0-B8818468DC92}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A8009488-FE58-4CBD-A059-A16419BAF846}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{AB48091C-8AEA-4F1A-AE09-DBD32E13303E}" = protocol=17 | dir=in | app=c:\program files\jens lorek\tubebox!\tubebox.exe | 
"{B1624835-E67E-45E6-AD63-83171307DAEE}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B2F79A4A-36D5-4345-9107-7CBE019BCAB7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B4DD9959-42D2-4C03-80EE-31CC48E85113}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B787436A-0A53-4300-9B0E-80931B5F9FD6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B7CAD3B5-28AE-4F9F-9986-8B40B05D4CFB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{BD6FCBF4-95AE-4754-950B-FB6C785B60E6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{C288CB0C-06E3-49F3-815E-DBFC5879FD64}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"{D03357EE-B605-4380-80EF-C2B3235848AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DCF03822-3B16-42DC-94B9-D9EF76A43448}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{F0465D2A-2F77-4DD9-BEB7-D5AA9D689123}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"TCP Query User{014D3408-3C8F-4F3F-9E0E-0461E1B06404}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{0F53EE23-665E-4D04-84DD-E7DC0E70C97B}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe | 
"TCP Query User{10AA69B9-369C-4CFF-B7DD-F423CAC9A0AC}D:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe | 
"TCP Query User{14D9CAAE-6081-4949-BA2E-357D01E0B3AE}D:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda32.exe | 
"TCP Query User{172259A5-EEC0-43DF-A5F2-5DAEC54FEDF3}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{1BDF797E-FCAE-4454-AD0E-D56D802A7C7E}D:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe" = protocol=6 | dir=in | app=d:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe | 
"TCP Query User{265D2892-F7A6-4951-911F-1EB22A52FC77}D:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"TCP Query User{3BAEC50A-B945-4FA1-838A-65FE58D0E9E1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{3EF5B1A5-1468-46EF-BFC3-9AC9438B3E57}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe | 
"TCP Query User{483EE4B4-5341-40AD-910A-5FA9BCBE3459}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe | 
"TCP Query User{489EF77D-089E-434D-A074-EBB451F9C8A0}D:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | 
"TCP Query User{53EFC16D-12E6-45A2-9A5E-C1BA63DDD292}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{5C3715B6-68F8-4445-8717-CB0CE6BC6449}D:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe | 
"TCP Query User{688FEDB5-43C2-4743-8BB2-F77CB96202FB}D:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | 
"TCP Query User{6C046E32-2983-441B-AB3C-F74A78BF6EEC}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe | 
"TCP Query User{76FE9FFA-F89A-4E0C-B8DD-FA5DAF950841}D:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | 
"TCP Query User{77853F1A-8F8B-41BF-A10F-0084CA0AD795}D:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda32.exe | 
"TCP Query User{81C5F0A0-AC4D-4E15-825D-60D2E287F972}D:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe | 
"TCP Query User{85E47EDB-6260-4140-9F5D-269D79318A37}D:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"TCP Query User{8A89D7D4-A33E-4A06-97CD-44DD8434F326}D:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"TCP Query User{8DCFC606-F15C-4BC8-80BB-4E08D37545C3}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{968B9B75-8BD4-48E5-94A6-12C03AAAC963}D:\warcraft\world of warcraft\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\launcher.exe | 
"TCP Query User{A4AE7975-5CE4-498C-B901-E72449C6441E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{ABF42030-69E4-4260-8A0B-7DADFEC6CFE3}D:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe | 
"TCP Query User{B596A1EC-BA91-47D3-B55B-6DC0CB50682F}D:\miranda im\miranda alt\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda im\miranda alt\miranda32.exe | 
"TCP Query User{B6329C39-84D8-406D-BB93-7B61264660F1}C:\users\chris\desktop\blobby volley 2\blobby.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\blobby volley 2\blobby.exe | 
"TCP Query User{B9B856C8-E444-433E-9693-EC39841C49CD}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe | 
"TCP Query User{DDF01C1C-0888-47BB-8AF1-6E5B71835265}D:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe | 
"TCP Query User{E3122978-473C-4F2F-8ACF-96B229892C6C}D:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=6 | dir=in | app=d:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe | 
"TCP Query User{EFD4302E-99BF-4CFD-BE23-78839D3431EF}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=6 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe | 
"TCP Query User{F2F9EC93-E7F4-48B8-8202-31120E876290}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{FA609952-2B4D-4BB9-BA58-71773C5A639D}D:\miranda alt\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda alt\miranda32.exe | 
"TCP Query User{FA73D6BE-EB37-462A-A757-26C3373FA7B3}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{001C37FE-B9D4-4D59-B77A-9D071863C73B}D:\warcraft\world of warcraft\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\launcher.exe | 
"UDP Query User{0321AA03-A4A3-4B45-B20C-591E3071179C}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe | 
"UDP Query User{0EEC9EAE-0F33-45C3-A1E3-8250562D475B}D:\miranda alt\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda alt\miranda32.exe | 
"UDP Query User{102C81D6-F84D-4543-955C-DA6AFAFC511B}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe | 
"UDP Query User{18CAFA5D-D1AC-47E1-A209-C9D23CE845A9}D:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe" = protocol=17 | dir=in | app=d:\warcraft\warcraft 3\warcraft 3 frozen throne v. 1.21\war3.exe | 
"UDP Query User{203E9D7C-06E2-482F-9945-725C4F9E2F2A}D:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"UDP Query User{29FFAFEC-37D1-4357-A0CF-7CACCB7D69BA}C:\users\chris\desktop\blobby volley 2\blobby.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\blobby volley 2\blobby.exe | 
"UDP Query User{34AC9289-7BBF-4EDF-B3EF-3622C2E950B9}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe | 
"UDP Query User{57FB403D-F292-4830-A716-7984BB295C92}D:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe | 
"UDP Query User{630442D5-5FDF-4CA9-A9A1-E170EC1645C8}D:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe | 
"UDP Query User{63BC11C3-E2C4-4A05-A014-997C2C21C723}D:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"UDP Query User{6609D66B-1FD7-4B84-931C-FF3B926F8877}D:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"UDP Query User{6BFC8961-B66C-448B-A386-D2711DAD3F8E}D:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe | 
"UDP Query User{6F8D7D33-BB2E-43AF-9EB7-78A31A730F84}D:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda32.exe | 
"UDP Query User{754B791C-B261-480B-BB01-BA4C1B61240F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{75A82D63-B8F8-4864-9DBE-C5D49C0F5B6F}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{77F178E9-7F82-4A13-8AF8-A095BEE98647}D:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | 
"UDP Query User{7D4A438A-C3B6-4F0C-96B5-F7EBE8EE5269}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{9F67A858-1B46-40FF-A177-5644B9722743}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{A42BE327-CDD0-4CF2-932E-356772662B06}D:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe | 
"UDP Query User{A64C5229-7FB5-4CE1-8195-3AC35BA862DC}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe | 
"UDP Query User{B24D4E91-4F53-4907-AC68-B2425814FE4A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B53B1BF0-FE3B-4FF5-97CF-CC741FF732D5}D:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe | 
"UDP Query User{B64C4508-09A2-4F21-B0E5-0FAC1415C2CD}D:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | 
"UDP Query User{BB0828FB-6627-4813-BACC-AC651D691F8C}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{BC3D18CC-DD7F-4E7E-ABDD-938A10B002DD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C673AFC7-5A7D-45C8-9739-6D02E85CEF53}D:\miranda im\miranda alt\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda alt\miranda32.exe | 
"UDP Query User{C7BAD277-6407-4BEE-A7FE-4B87CD00FBC1}D:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\patches\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | 
"UDP Query User{CD7C9105-9C69-4F70-A287-6EDC8EC445F6}D:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe" = protocol=17 | dir=in | app=d:\warcraft\world of warcraft\world of warcraft\patches\wow-3.0.2.9056-to-3.0.3.9183-dede-downloader.exe | 
"UDP Query User{D7BEEB7A-1829-4A3C-BAF4-04DE74ED55BF}D:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda im\miranda32.exe | 
"UDP Query User{EE573A79-27BE-41A7-9375-5F2A9F8F830D}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{F92D07A5-953B-46D4-AE25-66EDFFC6099A}D:\counter strike 1.5\hlsw\hlsw.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\hlsw\hlsw.exe | 
"UDP Query User{F9BD23FC-06DC-413C-B143-5E9A32B2790F}D:\counter strike 1.5\counter strike 1.5\cstrike.exe" = protocol=17 | dir=in | app=d:\counter strike 1.5\counter strike 1.5\cstrike.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}" = D-Link Wireless N Dual Band DWA-160 
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E2F9C65-38BC-4400-A27C-D65A507587D0}" = TubeBox!
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92276389-DD58-4D04-ADB8-64416EE139AD}" = D-Link Wireless N Dual Band DWA-160 
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC14F40D-7C13-4F3A-9F4A-3835D7642036}" = PE585QAEncoder-32
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D761C5D2-E727-415A-BC4E-52642CEA1A1C}" = TubeBox!
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"Foxit Reader" = Foxit Reader
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.4
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"RollerCoaster Tycoon Setup" = Roll
"Tiberian Sun" = Command & Conquer Teil 3: Operation Tiberian Sun
"TmNationsForever_is1" = TmNationsForever
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.07.2010 16:30:29 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.07.2010 18:19:15 | Computer Name = Chris-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.07.2010 18:42:07 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.07.2010 19:19:16 | Computer Name = Chris-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.07.2010 20:19:15 | Computer Name = Chris-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.07.2010 21:19:15 | Computer Name = Chris-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.07.2010 22:19:17 | Computer Name = Chris-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.07.2010 23:19:18 | Computer Name = Chris-PC | Source = Google Update | ID = 20
Description = 
 
Error - 31.07.2010 00:19:16 | Computer Name = Chris-PC | Source = Google Update | ID = 20
Description = 
 
Error - 31.07.2010 01:48:01 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 13.08.2010 07:39:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 13.08.2010 07:39:34 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 13.08.2010 07:46:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 13.08.2010 07:51:55 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2010 05:47:17 | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.08.2010 um 11:45:06 unerwartet heruntergefahren.
 
Error - 14.08.2010 05:47:42 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 03:32:17 | Computer Name = Chris-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.08.2010 03:32:17 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.08.2010 03:32:17 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 05:07:50 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

Old 15.08.2010, 15:40   #12
Larusso
/// Selecta Jahrusso

Online banking blocked / "alleged" Trojan


Step 1

Please uninstall Ask Toolbar


Step 2

Peer-to-peer or file-sharing software

Your logfile(s) show me that you are using so-called peer-to-peer or file-sharing programs (in your case Azureus). These programs allow you to exchange data with other users. Nowadays cyber crime is gaining an ever higher status and its extent is enormous. Unfortunately, P2P and file sharing are not exempt from this. They are also used to spread infected files and are one reason why malware spreads so quickly.
So it is possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with the utmost caution.

Another important point is that distributing media and entertainment files violates copyright law in most countries of the world.
You therefore expose yourself to the risk of prosecution by organisations (or by the author of the "file" itself) that monitor these rights.
Of course there is also a legal way to use this service, for example to download Linux or Open Office.
Nevertheless I would ask you not to continue using this kind of software.
Please go to

Start --> Control Panel --> Add or Remove Programs

and uninstall Azureus (if present)

Please let me know if you cannot find any of the listed software.


Step 3
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
[2010.08.15 09:35:44 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2010.08.15 10:48:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\toolbar@ask.com
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
         
  • Please now close all programs.
  • Now click the Fix button.
  • Click on .
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    ( Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread


Step 4

Please start OTL and press the QuickScan button


Please post in your next reply
OTL Fix Log
OTL.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
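The OTL fix in Step 3 writes a log in which every line reports, per item, whether it was deleted, moved, not found, or deferred until reboot (a folder that is still in use cannot be moved immediately). As an added example, not code from this thread, from OTL or from its author, the Python script below summarises such a fix log: it counts the outcomes, lists what is still pending a reboot (de-duplicated, because OTL repeats those lines in its "moved on Reboot" trailer) and adds up the bytes freed by [emptytemp]. The sample log is constructed to mimic the fix-log format; the function and pattern names are my own.

```python
"""Summarise an OTL fix log (the text OTL writes after the Fix button is pressed).

Added example for this thread; not part of OTL or the forum's own tooling.
The sample log below is constructed to mimic the fix-log format.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the fix-log format (paths and CLSIDs as posted in the thread).
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Folder move failed. C:\Programme\Ask.com scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Folder C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\toolbar@ask.com\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Chris
->Temp folder emptied: 1017170 bytes
->Temporary Internet Files folder emptied: 785041 bytes
->Java cache emptied: 90207578 bytes

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Ask.com scheduled to be moved on reboot.
"""


@dataclass(frozen=True)
class FixEntry:
    section: str   # OTL section the line appeared under (OTL, FILES, COMMANDS, ...)
    status: str    # deleted | moved | not_found | pending_reboot
    target: str    # registry key/value or file-system path the line refers to


SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# Order matters: the "pending_reboot" form must be tried before the generic "moved" form.
STATUS_PATTERNS = [
    ("pending_reboot", re.compile(r"^(?:Folder|File) move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("deleted", re.compile(r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry key|Registry value|File|Folder) (?P<target>.+?) not found\.$")),
]
EMPTIED_RE = re.compile(r"^->.+? emptied: (?P<n>\d+) bytes$")


def parse_fix_log(text: str) -> List[FixEntry]:
    """Turn each outcome line into a FixEntry, remembering the section it appeared under."""
    entries: List[FixEntry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for status, pattern in STATUS_PATTERNS:
            m = pattern.match(line)
            if m:
                entries.append(FixEntry(section, status, m.group("target")))
                break
    return entries


def summarise(entries: List[FixEntry]) -> Dict[str, int]:
    """Count outcomes, e.g. {'deleted': 2, 'not_found': 3, ...}."""
    return dict(Counter(e.status for e in entries))


def pending_after_reboot(entries: List[FixEntry]) -> List[str]:
    """Targets OTL could not remove immediately; the log repeats them, so de-duplicate."""
    return list(dict.fromkeys(e.target for e in entries if e.status == "pending_reboot"))


def bytes_emptied(text: str) -> int:
    """Sum of the byte counts reported under [EMPTYTEMP]."""
    total = 0
    for raw in text.splitlines():
        m = EMPTIED_RE.match(raw.strip())
        if m:
            total += int(m.group("n"))
    return total


if __name__ == "__main__":
    found = parse_fix_log(SAMPLE_FIX_LOG)
    print(summarise(found))
    print("pending reboot:", pending_after_reboot(found))
    print("bytes emptied:", bytes_emptied(SAMPLE_FIX_LOG))
```

A non-empty "pending reboot" list is the thing to check before declaring the fix done: until the machine has been restarted, the deferred folder (here the Ask.com directory) is still on disk, which is why the helper asks for the post-reboot log rather than the one shown on screen.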

Old 15.08.2010, 17:31   #13
Lucajoel

Online banking blocked / "alleged" Trojan



Regarding Step 1:

done

Regarding Step 2:

Azureus has been removed

done

Regarding Step 3:

Code:
All processes killed
========== OTL ==========
Folder move failed. C:\Programme\Ask.com scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Folder C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\toolbar@ask.com\ not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bird
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 13689500 bytes
->FireFox cache emptied: 14618672 bytes
 
User: Chris
->Temp folder emptied: 1017170 bytes
->Temporary Internet Files folder emptied: 785041 bytes
->Java cache emptied: 90207578 bytes
->FireFox cache emptied: 88821197 bytes
->Flash cache emptied: 175304 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 824 bytes
RecycleBin emptied: 229752 bytes
 
Total Files Cleaned = 200,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08152010_181248

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Ask.com scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Regarding Step 4:

Code:
OTL logfile created on: 15.08.2010 18:25:22 - Run 6
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 83,40 Gb Free Space | 58,67% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 58,60 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\ANIWConnService.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
PRC - D:\Winamp\winampa.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ANIWConnService) -- C:\Windows\System32\ANIWConnService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Chris\AppData\Local\Temp\catchme.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (arusb_lh) -- C:\Windows\System32\drivers\dwarusb_lh.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 08:52:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 11:10:14 | 000,000,000 | ---D | M]
 
[2009.02.02 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.08.15 17:54:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions
[2010.07.05 18:42:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.10 17:19:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.10 18:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.03.14 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\4sb65u9t.default\extensions\firefox@tvunetworks.com
[2010.03.09 00:26:52 | 000,001,819 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\4sb65u9t.default\searchplugins\bing.xml
[2010.08.15 10:56:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 10:56:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.15 10:56:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.15 09:34:59 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv522.dll
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.07.22 12:12:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.22 12:12:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 12:12:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 12:12:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 12:12:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Programme\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Programme\Power Strip\PStrip.exe (EnTech Taiwan)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: treubau-gruppe.de ([owa] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.15 18:12:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.15 10:57:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.08.15 10:56:11 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.08.15 10:51:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\JavaRa
[2010.08.15 10:16:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Foxit Software
[2010.08.15 09:35:44 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2010.08.15 09:35:31 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2010.08.15 09:34:34 | 007,019,008 | ---- | C] (Foxit Software Company) -- C:\Users\Chris\Desktop\FoxitReader411_enu_Setup.exe
[2010.08.15 09:32:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.13 21:09:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Flatcast
[2010.08.13 13:49:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.13 13:49:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2010.08.13 13:48:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.13 13:37:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.13 13:35:09 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.13 10:26:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.13 10:26:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.13 10:26:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.13 10:26:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.13 10:25:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.11 19:31:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.10 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.08.10 17:03:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.10 17:03:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.10 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.10 17:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.10 13:32:48 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.08.10 13:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.07.21 06:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.14 20:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2008.10.28 12:31:49 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.15 18:21:04 | 002,359,296 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.08.15 18:19:56 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.ini
[2010.08.15 18:19:53 | 000,003,284 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.15 18:19:41 | 000,000,006 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.15 18:19:14 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 18:19:14 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.15 18:19:13 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 18:19:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.08.15 18:19:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.15 18:18:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.15 18:17:33 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 18:17:33 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.15 17:44:09 | 000,041,472 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 17:36:29 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.15 17:36:26 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{06616A37-7624-4B51-9A2E-3F6DE1048D0B}
[2010.08.15 11:10:56 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bak
[2010.08.15 11:10:40 | 000,012,827 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bko
[2010.08.15 11:05:14 | 003,112,303 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.08.15 11:05:05 | 000,012,850 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\PStrip.bk!
[2010.08.15 09:34:48 | 007,019,008 | ---- | M] (Foxit Software Company) -- C:\Users\Chris\Desktop\FoxitReader411_enu_Setup.exe
[2010.08.13 21:10:13 | 000,001,207 | ---- | M] () -- C:\Windows\unins000.dat
[2010.08.13 21:10:10 | 000,695,578 | ---- | M] () -- C:\Windows\unins000.exe
[2010.08.13 13:46:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.13 13:35:18 | 000,869,051 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2010.08.13 13:34:23 | 002,672,312 | ---- | M] () -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2010.08.13 13:20:05 | 003,816,958 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2010.08.12 22:14:41 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.12 22:14:41 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.12 22:14:41 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.12 22:14:41 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.12 22:14:41 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.12 03:22:08 | 000,293,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.11 23:54:49 | 000,080,384 | ---- | M] () -- C:\Users\Chris\Desktop\MBRCheck.exe
[2010.08.11 19:31:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.11 19:21:43 | 204,353,644 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:17:00 | 000,293,376 | ---- | M] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.08.05 15:45:29 | 000,000,282 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANICONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.08.05 15:45:24 | 000,000,121 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\ANIOIDCONFIG_{06616A37-7624-4B51-9A2E-3F6DE1048D0B}.ini
[2010.07.25 12:30:25 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.24 14:10:26 | 000,012,862 | ---- | M] () -- C:\Windows\EPISMG00.SWB
 
========== Files Created - No Company Name ==========
 
[2010.08.15 11:02:06 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.08.13 21:09:02 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2010.08.13 21:09:02 | 000,001,207 | ---- | C] () -- C:\Windows\unins000.dat
[2010.08.13 13:34:57 | 000,869,051 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2010.08.13 13:34:20 | 002,672,312 | ---- | C] () -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2010.08.13 13:19:54 | 003,816,958 | R--- | C] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2010.08.13 10:26:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.13 10:26:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.13 10:26:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.13 10:26:45 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.13 10:26:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.11 23:54:48 | 000,080,384 | ---- | C] () -- C:\Users\Chris\Desktop\MBRCheck.exe
[2010.08.11 19:21:43 | 204,353,644 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.11 19:16:58 | 000,293,376 | ---- | C] () -- C:\Users\Chris\Desktop\zgy1mt84.exe
[2010.07.24 14:10:26 | 000,012,862 | ---- | C] () -- C:\Windows\EPISMG00.SWB
[2010.01.15 21:03:01 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2010.01.15 21:02:51 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2010.01.15 21:02:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2010.01.15 21:02:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2010.01.15 21:02:51 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2010.01.15 21:02:28 | 000,724,992 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2010.01.15 20:53:30 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2009.09.24 05:45:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.19 20:37:58 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.02 23:08:21 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009.02.02 19:04:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.10.28 04:18:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2006.10.10 15:27:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.10.28 04:31:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acer GameZone Console
[2010.08.10 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ahfer
[2010.04.11 20:27:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AnvSoft
[2010.04.11 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\avidemux
[2010.07.25 08:52:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2009.02.02 18:50:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eSobi
[2010.08.13 21:10:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Flatcast
[2010.08.15 10:16:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Foxit Software
[2009.08.05 12:20:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2010.08.08 16:56:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Imycmi
[2009.08.23 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Miranda
[2009.04.10 09:05:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PeerNetworking
[2009.10.08 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TubeBox
[2010.08.15 18:17:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

Alt 15.08.2010, 17:47   #14
Larusso
/// Selecta Jahrusso
 
Online Banking Lockout / "Alleged" Trojan - Standard

Online Banking Lockout / "Alleged" Trojan



Could you please look in the following folder and tell me what is in it?

C:\Users\Chris\AppData\Roaming\Imycmi
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 15.08.2010, 17:58   #15
Lucajoel
 
Online Banking Lockout / "Alleged" Trojan - Standard

Online Banking Lockout / "Alleged" Trojan



The folder is empty, no contents. All files were made visible via the folder options.
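Whether a folder like the one asked about above is really empty is easier to settle from a shell than from Explorer, whose view settings hide entries with the Hidden and System attributes unless two separate options are changed. The following PowerShell script is an added example and is not part of the thread or of any tool mentioned in it (OTL, ComboFix, Malwarebytes). It takes the folder path from the OTL "LOP Check" section of the log above; the function name Get-FolderInventory and everything else are the example's own. It lists every entry under the folder regardless of attributes and hashes each file with SHA-256 via .NET, so that the result can be compared against a scanner report or shared with a helper instead of relying on a visual check.

```powershell
# Added example (not from the thread): inventory a suspicious folder, including
# hidden and system entries, and hash every file so "the folder is empty" can be
# verified rather than judged from Explorer.
# The default path is the folder named in the thread's OTL log; everything else
# here is assumed for illustration.
param(
    [string]$Path = 'C:\Users\Chris\AppData\Roaming\Imycmi'
)

function Get-FolderInventory {
    param([Parameter(Mandatory = $true)][string]$Folder)

    if (-not (Test-Path -LiteralPath $Folder)) {
        Write-Warning "Folder not found: $Folder"
        return
    }

    # SHA-256 through .NET so the script also works on older PowerShell
    # versions that lack the Get-FileHash cmdlet.
    $sha = [System.Security.Cryptography.SHA256]::Create()

    # -Force returns entries carrying the Hidden and System attributes,
    # which Explorer suppresses by default.
    Get-ChildItem -LiteralPath $Folder -Force -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = ''
            if (-not $_.PSIsContainer) {
                try {
                    $stream = [System.IO.File]::OpenRead($_.FullName)
                    try {
                        $hash = ([System.BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '')
                    } finally {
                        $stream.Close()
                    }
                } catch {
                    # A file that cannot be opened (locked, access denied) is
                    # itself worth noting, so record the reason instead of skipping it.
                    $hash = "<unreadable: $($_.Exception.Message)>"
                }
            }
            New-Object PSObject -Property @{
                FullName   = $_.FullName
                Attributes = $_.Attributes.ToString()
                Length     = $(if ($_.PSIsContainer) { 0 } else { $_.Length })
                Created    = $_.CreationTime
                Modified   = $_.LastWriteTime
                SHA256     = $hash
            }
        }
}

$items = @(Get-FolderInventory -Folder $Path)
if ($items.Count -eq 0) {
    "No entries (including hidden/system) under $Path"
} else {
    $items | Sort-Object Modified -Descending |
        Format-Table Modified, Attributes, Length, SHA256, FullName -AutoSize
}
```

Run it from an elevated PowerShell prompt so that access-denied errors reflect a deliberately protected file rather than a missing privilege; an entry reported as unreadable, or an attribute string containing Hidden or System inside a user-profile data folder, is the kind of detail a helper reviewing the log would want to see.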
